Why Account Takeovers Are Rising and How to Stop Them

Account takeovers have become increasingly common in recent times, with attackers finding innovative ways to breach even the most secure systems. According to a report by Specops Software, this trend is largely due to phishing, session hijacking, and MFA fatigue. But what drives these attacks, and how can organizations protect themselves from such threats?

The proliferation of hybrid working, Bring-Your-Own-Device (BYOD), and third-party access has created a complex security landscape. Enterprises are now faced with the daunting task of managing thousands of identities across cloud services, software-as-a-service applications, endpoints, and remote environments. The lack of visibility into who has access to what, and whether that access can be trusted, makes these environments an attractive target for attackers.

The traditional method of phishing involves attempting to steal passwords through spear phishing emails or compromised websites. However, new techniques have emerged in recent years. Attackers now employ MFA fatigue, also known as prompt bombing, where they relentlessly send MFA approval requests until the user eventually gives up and accepts one of them. This technique was showcased in 2022 when attackers targeted an Uber employee by repeatedly prompting him with MFA notifications.
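One way to detect the prompt-bombing pattern described above from MFA push logs, as an added example that is not part of the original article. The log format, user names, 10-minute window and threshold of five rejected prompts are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample MFA push log lines: "<ISO timestamp> <user> <result>"
SAMPLE_LOG = """\
2024-01-10T02:14:05 alice denied
2024-01-10T02:14:40 alice timeout
2024-01-10T02:15:10 alice denied
2024-01-10T02:15:55 alice timeout
2024-01-10T02:16:30 alice denied
2024-01-10T02:17:02 alice approved
2024-01-10T09:00:12 bob denied
2024-01-10T09:00:50 bob approved
2024-01-10T11:30:00 carol denied
2024-01-10T13:45:00 carol denied
"""

def parse(log_text):
    """Yield (timestamp, user, result) tuples from the log text."""
    for line in log_text.splitlines():
        if line.strip():
            ts, user, result = line.split()
            yield datetime.fromisoformat(ts), user, result

def detect_prompt_bombing(events, window=timedelta(minutes=10), threshold=5):
    """Return (user, timestamp, kind) alerts for bursts of rejected prompts.

    'burst' fires when a user reaches `threshold` denied/timed-out prompts
    inside `window`; 'approved_after_burst' fires when an approval follows
    such a burst, the case that needs immediate response.
    """
    rejected = defaultdict(deque)  # user -> timestamps of recent rejections
    alerts = []
    for ts, user, result in sorted(events):
        recent = rejected[user]
        while recent and ts - recent[0] > window:
            recent.popleft()       # drop prompts that fell out of the window
        if result in ("denied", "timeout"):
            recent.append(ts)
            if len(recent) == threshold:
                alerts.append((user, ts, "burst"))
        elif result == "approved":
            if len(recent) >= threshold:
                alerts.append((user, ts, "approved_after_burst"))
            recent.clear()         # an approval resets the counter
    return alerts

if __name__ == "__main__":
    for user, ts, kind in detect_prompt_bombing(parse(SAMPLE_LOG)):
        print(f"{ts.isoformat()} {user} {kind}")
```

An `approved_after_burst` alert is the signal to revoke the user's sessions and reset credentials, since the approval may have been granted to the party generating the prompts.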

Another technique used by attackers involves stealing authenticated session tokens after login. Attackers use adversary-in-the-middle frameworks and session hijacking tools to bypass multi-factor authentication (MFA) entirely. They can then move freely within the compromised environment, escalating privileges as needed.

Credential phishing attacks have become increasingly sophisticated, with new tactics employed by attackers to evade traditional protections. For instance, a recent phishing campaign used a legitimate Cisco domain through a multi-chain redirect attack designed to increase credibility and evade detection. This showcases how difficult it can be for even security-aware users to identify these attacks.

The problem of account takeovers is not limited to user credentials alone. Employees now regularly access corporate applications from personal devices, which are often unmanaged and may operate outside traditional security controls. This creates a significant blind spot for IT departments, as they lack visibility into whether devices have missing security updates or malware infections.

Infostealer malware has become a major contributor to account takeover activity by harvesting credentials, browser-stored passwords, and authenticated session cookies directly from user devices. To combat these threats, specialized solutions like Specops Device Trust can provide organizations with a comprehensive view of their environment, checking for active threats like disabled security controls and outdated software throughout sessions.

The rise in account takeover attacks highlights the limitations of traditional security controls. These systems are designed to verify credentials and authentication flows rather than determine whether the individual behind them can be trusted. As identity-based attacks become increasingly prevalent, organizations must adapt their approach to prioritize device trust and continuous verification.

Specops Device Trust addresses this challenge by integrating with existing identity providers, VPNs, and SSO tools to strengthen access decisions without adding friction for users. This solution enables security teams to extend their current setup rather than replace it, providing a powerful way to stop account takeovers before they happen.

There is no single silver bullet that can prevent all types of attacks. However, by prioritizing device trust and continuous verification, organizations can fortify their defenses against account takeover threats. With the complexity of enterprise security landscapes only set to grow in the future, adopting a comprehensive approach like Specops Device Trust can help protect identities from even the most sophisticated attacks.

Why it matters:

The constant barrage of phishing and MFA fatigue attacks highlights the urgent need for new approaches to identity verification. By treating device trust as an essential component of security, organizations can safeguard their identities against a growing threat landscape. The value lies in recognizing the limitations of traditional controls and adopting innovative solutions that prioritize continuous verification throughout every interaction.

Source: Bleeping Computer