Security News > 2022 > February > The Account Takeover Cat-and-Mouse Game

In an analysis of more than 21 billion application transactions analyzed by the Cequence Security Threat Research Team between June and December of last year, API-based account login and registration transactions increased by 92 percent to more than 850 million.

Highlighting the fact that attackers love APIs just as much as developers, that same dataset showed account takeover attacks on login APIs increased by 62 percent.

The initial impact of an ATO on an end user is to panic - they often get a message like, "You have received a password reset notification from your favorite retailer/social media/financial institution because your account has been compromised."

Being a victim of account takeover isn't very fun and causes one to want to stop doing business with the organization the account is for.

For them, account takeovers are a persistent problem where the goal is to not necessarily steal from the compromised account, but to use it to amplify positive or negative information.

Phase 2: Bots returned with a vengeance beginning in late July, continuing for nearly two months with pedal to the metal, high-volume attacks consuming up to 80 percent of all login traffic.

News URL

https://threatpost.com/account-takeover-cat-mouse-game/178128/