Webinar: Understand and manage account-takeover risks

Of all the many ways that cybercriminals attempt to infiltrate and compromise your network and your business, account takeover (ATO) attacks are one of the most pernicious and costly. These complex, multistage attacks can be very challenging to detect using traditional email-security solutions.

To fully understand the ATO attack chain and why these threats are so often successful — and to gain insights and strategies for effectively combating them — attend a new webinar coming up soon, on Sept. 26.

Multiple stages of account takeover attacks

Criminals who launch ATO attacks are patient and persistent, carefully working their way through four distinct attack stages. If they do their crooked work well enough, they end up with a solid payday. In 2020, ATO fraud is estimated to have cost U.S. businesses $25.6 billion — a 500% increase from 2017.

• Infiltration is the first stage. Using targeted phishing and other techniques, perpetrators acquire credentials that allow them access to your network and internal communications.
• Reconnaissance follows infiltration. During this stage — which can be quite lengthy — your attackers monitor communications in order to gain an understanding of corporate structure, find accounts of high-privilege employees, become familiar with individual email writing styles, and more.
• Harvesting credentials is the next stage. Having decided on a high-level account to take over and having gained insights on how to craft a phishing attack that will succeed with that person, attackers put their knowledge to work by tricking their target into unknowingly giving up their account credentials.
• Monetization is the final step of the attack. Simply selling the stolen credentials on the dark web doesn’t bring much revenue, but it’s a sure thing. A slightly riskier, but far more profitable approach is to use those credentials to impersonate a high-level employee and commit fraud by requesting funds transfers or by other means.

At the webinar, Senior Product Marketing Manager Ilya Gaidarov will provide a far more in-depth analysis of how these attacks typically unfold.

Solving detection challenges

Ilya will also show you exactly why ATO attacks are so notoriously difficult to detect using traditional security solutions. A big part of the problem is that, once the attacker has infiltrated your network, all the subsequent malicious traffic is purely internal, meaning that email security gateways never even see it.

To address this challenge, you need modern, AI-powered Account Takeover Protection capabilities like those included in Barracuda Email Protection. These advanced capabilities include the ability to constantly monitor internal communications and to identify and quarantine anomalous emails that indicate fraud, lateral phishing, and other malicious actions.

By identifying ATO attempts in progress and notifying IT automatically, this type of advanced solution can shut down and lock out attackers before they have an opportunity to harvest valuable credentials or monetize their access to your network.

If you want to get a deep dive into how ATO attacks work, why they’re increasingly dangerous, how they put your organization at risk, and how to effectively manage that risk, be sure to reserve your spot at this fast-approaching webinar.