Types of compromised accounts
Email, social media, and business accounts are the most common types of compromised accounts, and they pose a big risk to sensitive data.
Email accounts
Email accounts can be used to reset passwords for different applications, leading to privilege escalation1. When an email account is compromised, attackers can gain access to institutional data, confidential information, and personally identifiable information. Phishing attacks are the primary way email accounts are compromised, and businesses with no protection are at high risk.
Social media accounts
Even social media accounts with no access to sensitive data are valuable to hackers as they can provide access to personal information, which can be used for identity theft and fraud. Compromised social media accounts may display unexpected updates, and users should look for unusual activity on their accounts. Moreover, using the same password for multiple accounts can put all of a user's accounts at risk of compromise, not just their social media accounts.
Financial accounts
Financial accounts are targeted because they contain sensitive information like credit card numbers and bank account numbers that can be used to commit fraud or make purchases without permission. Again, phishing scams are a common tactic used by attackers to get people to give them their login information.
How are accounts compromised?
Accounts are compromised in various ways, but phishing attacks and credential theft attacks are very common.
Phishing attacks
Phishing attacks are the most common path to a data breach. Attackers use fake emails and domain names to trick users into giving up their login information. Accounts can be compromised if they use a weak password, if a malicious third party has access to them, if they have a virus or malware, or if they are on a network that has been hacked.
Credential stuffing attacks
In a credential stuffing attack, attackers use automated tools to test a list of stolen usernames and passwords on multiple websites, because many people use the same username and password combination on more than one platform. When attackers find credentials that work, they can steal sensitive information or raise their privileges to get to even more important data. It is critical that people use a unique, strong password on every website, app, or account they use.
Arkose Labs $1 Million Credential Stuffing Warranty Guarantees Success Against Volumetric Credential Stuffing Attacks
How to Spot Compromised Accounts
Being able to spot a compromised account is crucial for preventing any damage that might occur. To spot a compromised account, businesses should monitor any suspicious activity, such as unfamiliar login locations, new devices or IP addresses, or unexpected changes in account settings.
Unusual outbound traffic
As they collect information, attackers will slowly send data to an outside network. The transferred data will show that outbound traffic is higher than usual, especially during off-peak hours.
Unusual user activity on sensitive data
Users with high privileges often access sensitive data in a predictable way, such as at a certain time or on a certain day. In a breach, an attacker might exfiltrate company data on unusual days or times.
Network requests from unusual geolocations
VPN or network access from unusual locations or a suspicious IP address could indicate an account compromise.
Increased failed authentication requests
During a brute-force attack, failed login attempts are detected, and account lockouts will stop these authentication attempts. But an attacker will keep trying other user accounts until they find a compromised account with credentials that work.
Increased access attempts on important files
Attackers may try to gain access to files that contain trade secrets and intellectual property.
Unusual configuration changes
Many times, attackers change system configurations to provide a backdoor for persistent access.
Increased device traffic to a specific address
Compromised networks and devices could become part of a botnet used in a distributed denial-of-service (DDoS).
Consequences of a compromised business account
Attackers often target high-privileged accounts, or the accounts of key employees, in spear-phishing attacks to gain access to sensitive business information. When successful, attackers may carry out CEO fraud, also called "whaling," data exfiltration, or install ransomware. Any of these can be devastating to a business, its employees, and its customers.
Impersonation/Whaling
Compromised business accounts can provide a way for malicious actors to impersonate legitimate employees or executives and attempt to defraud the company. This type of attack, known as CEO fraud or "whaling," can cause devastating financial and reputational damage to businesses. Companies can train their employees on how to recognize and avoid phishing emails and other types of social engineering attacks that can lead to compromised accounts.
Data exfiltration
Data exfiltration is the unauthorized copying, transfer, or retrieval of data from either a server or an individual’s computer. Methods of data exfiltration include database leaks, network traffic, file sharing, and corporate email. Organizations with high-value data are particularly at risk of data exfiltration, either from outside threat actors or trusted insiders or employees.
Ransomware installation
Ransomware encrypts a company's own data and prevents access to it. Most of the time, attackers try to blackmail an organization by making it pay a ransom to get its own data back. If the company doesn't pay the ransom, an attacker might threaten to publicly expose the data.
How Arkose Labs Can Help
The old axiom about the best offense is a good defense certainly applies to compromised accounts. Arkose Labs bot management solution combines detection with targeted attack response to catch fraud early in the customer journey, without impacting good users. Fraud and security teams gain the advanced detection power, risk insights, and option for user-friendly enforcement they need to prevent compromised accounts due to phishing attacks and credential stuffing attacks. In fact, we’re the only company with a $1 Million Credential Stuffing Warranty. To learn more, book a demo today!
