This alert may not be shared outside your organization. Do not repost it, place it on other websites or list servers, or send it to others via email, including other associations or parties. For members and law enforcement use only. Contact us for any permissions. To do otherwise will result in the loss of membership.
Did You Just Try to Login? Why Account Takeover Is Still on the Rise
Walking through the exhibit hall this week at Black Hat USA 2023, the number of solutions for “Next Generation Threats” and “AI-Powered Adversaries” might reasonably lead you to believe that this is where a majority of cyber risk lies. Indeed, the fixation on well-resourced adversaries capable of doing novel and clever things is so ubiquitous that it might cause you to think that classic problems have been largely “solved.” This raises the question: with so many security vendors out there, why does Account Takeover (ATO) still occur?
Account takeover (ATO) attacks have recently surged, impacting 1 in 4 adults in the US. The primary culprit is credential stuffing, the rapid testing of username and password pairs harvested from previous breaches. What makes this attack vector particularly vexing is its source: not platform vulnerabilities or cryptographic flaws, but the widespread habit of users reusing credentials across sites.