Dormant accounts are a low-hanging fruit for attackers
2023-03-01 04:30

"The vast majority of successful breaches in the past year were the result of account takeover. This research illustrates just how easy enterprises are making it for attackers to target their identities and launch successful ATO attacks," says Oort CEO, Matt Caulfield.

The report notes that the lack of strong MFA adoption has implications not only for potential account takeover attacks but also for regulatory compliance, citing several compliance frameworks that have requirements for MFA. It finds that the most commonly targeted accounts are either dormant or belong to executives and administrators.

Dormant accounts are the lowest hanging fruit for attackers, and yet represent 24.15% of all accounts for an average enterprise.

Oort found an average of 501 monthly attacks against dormant accounts per company, emphasizing the importance of cleaning up dormant accounts and having oversight of suspicious behavior within them.

The findings show that administrator accounts, which give attackers the highest degree of permissions, are targeted more than three times as often as the average account and often lack, or are excluded from, MFA controls.

"Organizations can easily decrease the risk of account takeover by prioritizing identity security. Understanding their identity attack surface, having visibility into basic IAM hygiene issues and MFA compliance can go a long way in eliminating the easiest targets for attackers to succeed," adds Caulfield, regarding the opportunity organizations have to address these challenges and reduce their risk of breach.


News URL

https://www.helpnetsecurity.com/2023/03/01/dormant-accounts-takeover-attackers/