ATO/BEC

Fighting account takeover with Iron Age tools? Enter the 21st century

Payment fraud, access to sensitive personal data, identity theft, malware and ransomware attacks, and more are the possible (and likely) results of an Account Takeover (ATO) attack. The prevalence of ATOs has grown massively in recent years. It’s estimated that 1 in 5 adults have had their account taken over in recent years.

But the personal toll of an account takeover attack pales in comparison to the potential business toll. Aside from the immediate and easily-quantifiable damage from ransomware payments or sensitive data leakage, account takeovers can easily lead to lost customers and revenues.

Customers whose accounts are compromised may simply choose to take their business elsewhere. Companies that have been compromised may be liable for regulatory compliance breaches brought to light by the attack. Yet despite the clear and present danger of account takeovers, the tools to combat them remain woefully inadequate.

Why do Account Takeovers happen?

Why are account takeovers so tempting for threat actors? Once a threat actor controls a user’s account, it’s much easier to bypass the legacy secure email gateways and email relay defense systems typically in use in organizations.

When emails or other communications come from a ‘trusted source’ (the compromised account) and don’t contain malicious links (sometimes they do), it’s far more difficult for standard phishing defense mechanisms to identify potential fraud.

This is where existing Integrated Cloud Email Security (ICES) paradigms fall short. These solutions look for oddities in emails & engage in social graphing to better understand the user’s contacts. In essence, this focus is on defending the channel, not the human. And as they don’t have user input, they are not able to create a highly personalized suit which will notice even the slightest changes in communications with your contacts, which could be a takeover attempt.

These solutions delineate trust between two parties based on lowest common denominator parameters. But smart hackers don’t just take over an account and communicate with it – they may send messages or emails that attempt to mimic the account owner’s behavior, or even language usage, to appear legitimate. This type of sophisticated malicious behavior is far more difficult to detect.

Consider a fake payment request received by Finance from the company CEO. Traditional cybersecurity solutions will easily catch such a request if it’s sent from a named account that sports an email address from a different domain.

But what happens when the request comes from the CEO’s actual company account? This is far more likely to bypass traditional defenses – a whitelisted contact coming from the company domain is highly unlikely to raise any red flags for phishing or business email compromise (BEC) detection. And this makes it that much more likely that the Finance department will actually fulfill the CEO’s request and send the requested funds.

  • This is exactly what happened to agricultural supply chain conglomerate the Scoular Company several years ago. The company Controller received an email from the CEO, whose account had been unknowingly compromised by hackers. The email claimed that Scoular was acquiring a company in China, and that money for the purchase should be remitted to a bank overseas – $17.2 million. This money was never recovered.
  • In 2020, the high-profile Twitter accounts of Jeff Bezos, Elon Musk, Bill Gates, Barack Obama, Joe Biden, Kanye West and others were taken over by an unknown entity. The attacker tweeted to the hundreds of millions of followers that any Bitcoin payment made immediately by them would be doubled in the 30 minutes following the Tweet. A sufficient number of followers were fooled to ensure a hefty payout to the attacker before Twitter shut down the scam.
  • Most recently, a Hong Kong bank executive got a call from a familiar voice, someone whom he’d previously spoken to. It was a director at a company with an account at the bank, requesting that the bank exec initiate a $35 million transfer for an acquisition.

Legal paperwork had been sent from the CEO’s email address to the bank, so the transfer was put into motion. Only after the money was gone did it emerge that neither the voice nor the email was real. The elaborate scam used an account takeover attack on the CEO’s email, together with a deepfake of his voice, to convince the bank manager to act.

Cybernite – Stopping account takeover in its tracks

With account takeover attacks growing in frequency and sophistication, it’s clear that existing defensive paradigms need to be refreshed. Cybernite brings account takeover mitigation out of the stone age and into 2022 and beyond. It marries the power of AI with the power of the human brain – creating the world’s first personal cybersecurity platform.

Our solution doesn’t take anything for granted. The fact that an email comes from a trusted source may be irrelevant if, for example, the email contains very slight changes in the slang or grammar used, when the real sender’s Sent Mail folder is full of exactingly correct language. Cybernite’s AI/ML-powered engine examines nuances of communication like these to detect potential anomalies, which are then communicated to the user to check the legitimacy of the email.

Our solution gets personal by solving one of the biggest problems in the cybersecurity world today – How to interact with users correctly. This unique feature allows us to gather additional data directly from the user, in addition to the standard technological sources, allowing our AI to build a hyper-personalized experience, which other solutions can’t match. This means that it examines and understands each user’s communication with other individuals over their various interaction platforms. This enables the system to not only flag generic linguistic anomalies, but also the specific lexicon of interaction. For example, if the CEO usually calls the Finance director Fred, but an email from someone claiming to be the CEO addresses him by his full given name – something may be out of line.
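The salutation check in the "Fred" example above can be sketched as follows. This is an added illustration, not Cybernite's code or method: it learns how one sender has addressed one recipient and flags a greeting never seen before, even though the sender address is genuine. The addresses, message bodies, and the names `salutation` and `SalutationBaseline` are constructed for the example.

```python
from collections import Counter, defaultdict

GREETING_WORDS = {"hi", "hello", "hey", "dear"}

def salutation(body):
    """Return the lower-cased name from an opening greeting line, or None."""
    lines = [ln.strip() for ln in body.splitlines() if ln.strip()]
    if not lines or lines[0][-1] not in ",:!":
        return None  # greeting lines normally end with punctuation like "Fred,"
    words = [w for w in lines[0].rstrip(",:! ").split()
             if w.lower() not in GREETING_WORDS]
    if not 1 <= len(words) <= 3 or not all(w.isalpha() for w in words):
        return None
    return " ".join(words).lower()

class SalutationBaseline:
    """Per sender/recipient record of how the sender addresses the recipient."""
    def __init__(self, min_history=3):
        self.seen = defaultdict(Counter)
        self.min_history = min_history

    def learn(self, sender, recipient, body):
        name = salutation(body)
        if name:
            self.seen[(sender.lower(), recipient.lower())][name] += 1

    def check(self, sender, recipient, body):
        history = self.seen.get((sender.lower(), recipient.lower()), Counter())
        if sum(history.values()) < self.min_history:
            return "insufficient-history"  # do not judge without a baseline
        name = salutation(body)
        if name is None:
            return "no-salutation"
        return "consistent" if name in history else "anomalous"

# Constructed sample data: addresses and message bodies are illustrative only.
CEO, FIN = "ceo@example.com", "fred@example.com"
HISTORY = ["Fred,\nCan you send me the Q3 numbers?",
           "Hi Fred,\nThanks for the update.",
           "Fred,\nLet's talk Monday.",
           "Hi Fred,\nApproved."]
SUSPECT = "Dear Frederick,\nPlease remit the acquisition payment today."

def build_baseline():
    baseline = SalutationBaseline()
    for body in HISTORY:
        baseline.learn(CEO, FIN, body)
    return baseline

if __name__ == "__main__":
    b = build_baseline()
    print(b.check(CEO, FIN, SUSPECT))           # anomalous
    print(b.check(CEO, FIN, "Fred,\nLunch?"))   # consistent
```

A single mismatched greeting is a weak signal on its own; in practice it would be one feature among several and a prompt to ask the recipient, not a verdict.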

And it doesn’t stop there. Each online interaction between machine and human makes our platform smarter, more powerful, and more effective. Cybernite learns your employees’ online vulnerabilities and works with them to transform each employee from a potential cybersecurity liability into a hardened defensive weapon.

Essentially, Cybernite brings company defenses against account takeover attacks up to the level of sophistication of the attacks themselves. Covering both standard phishing attempts and highly-targeted and difficult-to-detect spear phishing and account takeover attempts employed by experienced cyber criminals – Cybernite gives companies a fighting chance against dangerous account takeovers and more.
