Cequence Security Threat Research Team analyzed more than 21 billion applications transactions between June and December of 2021, API-based account registration and login transactions raised by 92 percent and around 850 million. It highlights the fact that hackers cherish APIs as developers do. The same database that shows account takeover (ATO) attacks on login APIs grew by 62 percent. An ATO causes an end-user to panic, with getting messages like “you have received a password reset notification from your favorite retailer/social media/financial institution because your account has been compromised.”
If you are ever hit by an ATO, you will probably not want to conduct business with the organization that is associated with the account. This affects businesses by causing them to lose valuable customers and also hits the profit bottom lines due to loss in sales, brand damage, and infrastructure cost overruns. ATO techniques have evolved over credential stuffing, which is a high-volume, generally used technique. ATO now includes slow and low attacks having specific usernames and passwords. It follows a pattern, for instance, attacks on organizations and employees having some social presence (recommendations, reviews, etc.).
For these people, ATOs have become a constant problem, the goal here is not to steal sensitive information, but to use these hijacked accounts for amplifying negative or positive information.
The patterns observed in these attacks have been seen earlier in varying forms in different customer environments. Bots go silent for a while but return to cause more damage. Noticing these bot behaviors suggested that botters work together by sharing ideas, studying unsafe vectors (deprecated APIs), to prepare for the next attack.
A robust defense system will require continuous monitoring, reviewing of all endpoints- mobile and Web API, cooperation between safety and peers. "ATO is a problem that more and more organizations are facing as threat actors want to steal gift cards, access one-click purchasing, and dominate hype-sales to buy and resell the inventory. As we have seen through this analysis, the pace and vigor are on the rise. All organizations that have an authenticated application should consider monitoring for ATO, and build mitigations to ensure their customer satisfaction remains high," writes Jason Kent for Threat Post.