With the rapid adoption of cloud services like Microsoft’s Office 365, and the distributed workforce, the risk of account takeover (ATO) fraud is increasing at alarming rates.
According to a recent Sift index, “ATO fraud attacks have especially spiked by almost 282% from the second quarter of 2019 until the second quarter of 2020”. And we anticipate these numbers will continue to climb as more businesses move operations to the cloud.
Account takeover is a form of identity theft and fraud, where a malicious third party successfully gains access to a user’s account credentials. Once initial access is gained, the damage chain can magnify quickly, with the threat actor using the compromised account to send messages to other employees inside the organization (or beyond) to inflict their damage. In fact, in ATO most cases have seen lateral movement across the network and supply chain almost immediately.