Phishing attacks are familiar to many internet users. However, what if the attack came from a trusted boss, colleague or friend? What if they engaged in a dialogue and were able to recall details of previous email exchanges? In this case, it becomes far harder for an attacker to be spotted.
This type of attack is known as an account takeover, and is on the rise. Similar to phishing, attackers gain access to accounts by tricking users into sharing their username and password. Once in, attackers posing as legitimate users already have the trust of those within the users' network, and may slip through security systems without raising the same red flags as some other types of attack--that is, until it's too late.
According to a survey by Javelin, in 2017, account takeover attacks led to over $5.1bn in losses, making them a serious area of concern for organisations.
Ellen Daniel from GlobalData's Verdict spoke to Hatem Naguib, COO of IT security company Barracuda Networks, on how to stop this type of attack in its tracks, and the tools needed to combat future threats.
ED: What are the characteristics of these attacks?
Naguib: "What tends to happen in account takeovers is that the attacker will basically assume the identity of the person, so it will be you in the environment; no one will be able to tell at all that it's not you, because I've gotten the Office 365 credentials. And I'll start slowly sending out emails so that I can get better confidence and trust. I usually go to high-value targets who immediately recognise it's me sending the email, and then through that I'll be able to gain access to whatever I want, potentially financial information."
ED: What are the motivations behind account takeovers?
Naguib: "It's usually money. But now when you see more nation-state type of involvement, obviously then I can gain access to intellectual property. And gaining access to intellectual property I think really does motivate a lot of capabilities around corporate...