ATO Attacks: What Organizations Need to Know

Passwords are a ubiquitous form of authentication in most organizations, but unfortunately, weak password hygiene habits like password reuse or using easily guessable passwords are still common. According to the Bitwarden 2023 Password Decision Survey, 90% of employees admit to reusing passwords. This creates a significant security risk because attackers can use these compromised credentials to gain unauthorized access to an organization’s information, leading to account takeover (ATO) attacks.

ATO attacks have become more sophisticated and frequent, leading to data breaches, reputational damage, and operational disruptions. It is crucial for organizations to understand what ATO is, who is targeted, and what they can do to prevent it.

What is Account Takeover (ATO)?

ATO is a type of identity theft where cybercriminals steal employee passwords to gain access to an organization’s information. Once attackers have access to a corporate account, they can steal company data, create backdoors, and use impersonation as a form of social engineering. Attackers can also employ malware and maintain ongoing access to the company for nefarious reasons. The entry point is often a single compromised corporate credential.

Who is a Target for ATO?

Everyone using passwords for authentication is vulnerable to ATO attacks. Large high-revenue companies like national banks or healthcare organizations are targets because their payoff is often massive if hackers can complete a successful attack. However, small- and mid-sized companies are also targeted. Cybercriminals have realized that smaller organizations may not have the resources to establish cybersecurity protocols or have the IT resources to adequately protect their assets.

How Can I Prevent ATO Attacks?

To prevent ATO attacks, organizations can take several steps:

1. Enforce Password Policies: Organizations should enforce password policies that require unique passwords. This practice can reduce the effectiveness of password spraying and credential stuffing attacks. Adhering to a robust framework such as NIST 800-63b is one way to ensure a strong password policy.
2. Monitor Credentials in Your Environment for Exposure on the Dark Web: A password that is safe today may become compromised at any time. Regulatory frameworks, such as NIST, require organizations to monitor passwords for compromise and reset those that have been detected in a breach. Continuously monitoring and remediating when a password has been exposed greatly reduces the risk of ATO.
3. Delete Unused Accounts: When accounts are left inactive or unmonitored, they can become vulnerable to unauthorized access or misuse. Former employees may still have access, and these accounts can be targeted and compromised by hackers.

A proactive approach to cybersecurity is crucial in today’s digital landscape, and protecting against ATO attacks is a critical component of any organization’s security strategy. Security teams must prioritize the implementation of strong password policies, continuous monitoring of credentials, and the deletion of unused accounts to reduce the risk of ATO attacks. By doing so, companies can protect themselves from data breaches, reputational damage, and operational disruptions. See your domain’s password vulnerabilities in seconds and protect your accounts from ATO with Enzoic for Active Directory Lite.

Download the full ATO paper, “The Prevalence and Impact of Account Takeover”.

AUTHOR

Josh Parsons

Josh is the Product Marketing Manager at Enzoic, where he leads the development and execution of strategies to bring innovative threat intelligence solutions to market. Outside of work, he can be found at the nearest bookstore or exploring the city’s local coffee scene.