Email Threats

Account Takeover

Whether through phishing, credential harvesting, data leaks or via the Dark Web, threat actors can compromise cloud accounts through various means.
A successful account takeover is one step closer to an attacker’s end goal – financial, knowledge-based or reputational damage to your business.
39% of businesses identified a cyber attack in 2022 (Cyber Security Breaches Survey 2022)
19% of data breaches resulted from compromised credentials (ENISA Threat Landscape for Supply Chain Attacks 2021)
$4.5M average cost of compromised credentials leading to data breaches (IBM 2022 Cost of Data Breach Report)

It takes a single account

Account takeover is an attacker’s dream – if successful they have access to everything that user has access to, including sensitive data and communications.
Once inside, they can use the trusted contact as a springboard to launch a further assault.

A rising threat

Account takeover is becoming increasingly popular, with attackers purchasing credentials on the Dark Web rather than stealing directly from users, saving them the arduous task of cracking passwords.
Meanwhile, as more and more sensitive information is being stored on cloud accounts, the potential return for attackers has increased.
Identifying an account takeover:

Timeline of a typical account takeover

1. Attacker acquires credentials through a data leak, phishing campaign or credential stuffing
2. Account is breached successfully – attacker assumes identity of user and modifies log-in/authentication processes
3. Attacker does internal reconnaissance and moves laterally to escalate privileges and get closer to sensitive assets
4. Impact on the business can range from sensitive data loss to reputational damage, as attacker leapfrogs onto other contacts

Detection on multiple fronts

Many email security tools only look at a user’s inbox, rather than their full account activity. Account takeovers therefore fall outside their scope.
Most organizations have now implemented multi-factor authentication (MFA) tools to combat account takeover, but attackers are increasingly finding a way round even these defenses.
Blog: Detecting a Microsoft 365 account hijack using MFA

A 360-degree view of every user

Darktrace’s AI learns every account user's normal “pattern of life”, gathering a picture of their everyday activity across devices and cloud services.
Darktrace revealing the activity leading up to an account takeover.

Gives you the full picture

Combining insights from across the inbox and account activity, Darktrace presents all relevant activity around an incident in a single timeline.

Takes appropriate action

Darktrace considers every user in their unique context to ask "is this activity normal?" and autonomously responds to high-confidence threats with precision, preventing account takeover with minimal disruption to users.
In depth

Inside a multi-account hijack

“Security teams struggle with reduced visibility and control over SaaS environments, and cyber-criminals have been quick to take advantage, launching a wave of cloud-based attacks, from Vendor Email Compromise to internal account hijacks.”
Example Account Takeover

Protection across the cloud

Darktrace covers every layer of cloud and account activity.
  • Deploys in minutes
  • Scales to the size of any organization
  • Integrates into SIEMs, SOARs and SSO
  • Flexible cloud or on-premise delivery
