In the previous installment of our blog series on the modern threat landscape, we looked at how attackers can use credential stuffing attacks to break into valid user accounts. Today, we will continue to follow that theme by diving into the world of account takeovers (ATOs) to see how attackers use compromised accounts to commit fraud.
Like other threats covered in this series, account takeovers are problematic for traditional OWASP-style WAF rules. While these rules look for overt malicious actions such as injections or XSS attempts, an account takeover involves an attacker who has already gained credentialed access to a user’s account. At this point, there is typically no need for a traditional exploit as the attacker will perform various types of fraud with the compromised user’s account.