Security News > 2021 > August > The Underground Economy: Recon, Weaponization & Delivery for Account Takeovers

The Underground Economy: Recon, Weaponization & Delivery for Account Takeovers
2021-08-30 19:44

In part one of a two-part series, Akamai's director of security technology and strategy, Tony Lauro, lays out what orgs need to know to defend against account takeover attacks.

With account takeover attacks on the rise, stopping threat actors in the early phases of the kill chain will help today's defenders gain an upper hand against direct fraud campaigns.

Pastebin, ControlC, Combo-lists.com and ZeroBin.net are examples of underground economy sites for attackers to find combo-lists.

Attackers can't just directly launch into delivery.

Attackers who are targeting U.S.-based companies no longer launch attacks from out-of-country IP addresses, because that would be too obvious and easily flagged as suspicious account activity.

Keep in mind that attackers might execute the account-takeover attack themselves, but it's also very common for criminals to sell validated credentials to another criminal group operating within the internet's underground economy.


News URL

https://threatpost.com/underground-economy-account-takeovers/169032/