Email Threats

Account Takeover

Whether through phishing, credential harvesting, data leaks or via the Dark Web, threat actors can compromise cloud accounts through various means.

A successful account takeover is one step closer to an attacker’s end goal – financial, knowledge-based or reputational damage to your business.

of businesses identified a cyber attack in 2022

Cyber Security Breaches Survey 2022

OF DATA BREACHES RESULTED FROM COMPROMISED CREDENTIALS

ENISA Threat Landscape for Supply Chain Attacks 2021

4.5

AVERAGE COST OF COMPROMSED CREDENTIALS LEADING TO DATA BREACHES

IBM 2022 Cost of Data Breach Report

It takes a single account

Account takeover is an attacker’s dream – if successful they have access to everything that user has access to, including sensitive data and communications.

Once inside, they can use the trusted contact as a springboard to launch a further assault.

A rising threat

Account takeover is becoming increasingly popular, with attackers purchasing credentials on the Dark Web rather than stealing directly from users, saving them the arduous task of cracking passwords.

Meanwhile, as more and more sensitive information is being stored on cloud accounts, the potential return for attackers has increased.

Identifying an account takeover:

Timeline of a typical account takeover

Attacker acquires credentials through a data leak, phishing campaign or credential stuffing

Account is breached successfully – attacker assumes identity of user and modifies log-in/authentication processes

Attacker does internal reconnaissance and moves laterally to escalate privileges and get closer to sensitive assets

Impact on the business can range from sensitive data loss to reputational damage, as attacker leapfrogs onto other contacts

Detection on multiple fronts

Many email security tools only look at a user’s inbox, rather than their full account activity. Account takeovers therefore fall outside their scope.

Most organizations have now implemented multi-factor authentication (MFA) tools to combat account takeover, but attackers are increasingly finding a way round even these defenses.

Blog: Detecting a Microsoft 365 account hijack using MFA

A 360-degree view of every user

Darktrace’s AI learns every account user's normal “pattern of life", gathering a picture of their everyday activity across devices and cloud services.

Darktrace revealing the activity leading up to an account takeover.

Gives you the full picture

Combining insights from across the inbox and account activity, Darktrace presents all relevant activity around an incident in a single timeline.

Takes appropriate action

Darktrace considers every user in their unique context to ask, is this activity normal? and autonomously responds to high-confidence threats with precision to prevent account takeover with minimal disruption to users.

In DEPTH

Inside a multi-account hijack

“Security teams struggle with reduced visibility and control over SaaS environments, and cyber-criminals have been quick to take advantage, launching a wave of cloud-based attacks, from Vendor Email Compromise to internal account hijacks.”

Example Account Takeover