IT disaster recovery, cloud computing and information security news

Emerging threats: account takeover based attacks rapidly increasing

Findings from an Osterman Research survey show that account takeover (ATO) based attacks are increasing and affected 44 percent of surveyed businesses in the past 12 months.

The survey of 140 organizations with an average of over 16,821 email users, conducted on behalf of Agari, informs the newly published report ‘Protecting Against Account Takeover Based Email Attacks’, which claims that observed account takeover-based email attacks more than double month-over-month. Attacks launched from compromised accounts evade traditional detection because they come from a previously established, credible sender.

Account takeover based attacks evade traditional email security solutions, such as secure email gateways (SEGs), because they are sent from established email accounts – no domain name spoofing or display name deception is required. Previously, Agari research has demonstrated that SEGs are unable to detect business email compromise (BEC) because there is no malicious payload involved. Consequently, ATO-based BEC attacks present a very high risk to organizations because no security controls can detect them.

“Agari’s research demonstrates what CISOs have suspected for years: traditional email security solutions, such as secure email gateways, based on inspection and reputation are unable to detect advanced email attacks, such as account takeover,” said Ravi Khatod, CEO, Agari. “As criminals have refined their techniques, impersonating and targeting the highest levels of corporate leadership, organizations risk giving away the keys to the kingdom.”
