Account Takeover Attacks Predicted to Increase in 2022

CyberEdge Group just released the 2022 Cyberthreat Defense Report, an annual survey of 1200 IT security professionals in 17 countries across 19 industries. The report presents critical insights into the top threats that online organizations are facing and their plans to protect their web and mobile apps and APIs. Here are four key takeaways.

1. Credential Stuffing and Account Takeover on the Rise

Respondents' concern about account takeover (ATO) and credential stuffing attacks rose significantly this year. According to CyberEdge, “ATO attacks are poised to overtake malware as the #1 concern. Malware is still perceived as the most important threat, but ATO and credential abuse attacks moved up from fourth place last year to #2 this year.”

(Figure: Relative concern for cyberthreats)

Concern for ATO and credential stuffing attacks increased the most of any of the 12 cyberthreat categories in the survey. CyberEdge predicts that “ATO will take over the top spot in the next year or two.”

Protect Against ATO and Credential Stuffing Attacks:

  • Proactively monitor compromised credentials actively being used in real-world attacks, and automatically disallow them from being used on your site.
  • Leverage hidden and behind-the-scenes detection methods, such as honeypots and proof of work.
  • Adopt machine learning technology to detect and mitigate automated login attacks against your web and mobile apps and APIs.

2. Personally Identifiable Information (PII) Harvesting is the #1 Threat to Web Apps

PII harvesting was the top-rated threat against web apps this year. The number of respondents reporting this concern jumped nearly 7%, from 39.7% in 2021 to 46.6% in 2022. Often PII harvesting involves embedding malicious code in vulnerable JavaScript that captures personal data — such as credit card numbers, credentials and other PII — when users fill out a form.

(Figure: Web and mobile application attacks)

The JavaScript targeted in PII harvesting attacks runs on the client side, meaning it loads in users’ browsers outside typical web controls. Website owners lack complete visibility into these scripts, so attackers are often able to capture PII without detection — which they can use to access user accounts, strengthen phishing attacks, steal identities, and perform other malicious activities.

Proactively stop PII harvesting:

  • Continuously monitor all client-side scripts for anomalous activity — such as behavior changes, communication with new network domains or DOM modifications — which could leave the website open to PII harvesting.
  • Establish content security policy (CSP) rules to stop malicious script injections from loading and to prevent data transfer.
  • Enable granular JavaScript blocking to prevent specific actions without disabling the entire script, ensuring PCI and privacy compliance.
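To make the CSP bullet concrete, the following Node.js code is an added example, not code from the original post or from PerimeterX. It parses a Content-Security-Policy header into its source lists and audits two constructed policies, a permissive one and a hardened one, against the two things a skimmer needs: running injected script and sending captured data to a domain the site never talks to. The policy strings, hostnames and nonce are constructed for the example; path matching and the `data:`/`blob:` exclusions of `*` are omitted.

```javascript
// Added example (not code from the original post or from PerimeterX):
// a minimal Content-Security-Policy evaluator used to compare a permissive
// policy with a hardened one. Policy strings, hostnames and the nonce are
// constructed for illustration; path matching and the data:/blob: exclusions
// of '*' are omitted for brevity.

function parseCsp(header) {
  const directives = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    if (name) directives.set(name.toLowerCase(), sources);
  }
  return directives;
}

// Fetch directives fall back to default-src when not set explicitly.
function sourcesFor(policy, directive) {
  return policy.get(directive) || policy.get('default-src') || [];
}

function hostMatches(pattern, host) {
  if (pattern.startsWith('*.')) {
    const suffix = pattern.slice(1); // "*.example.com" -> ".example.com"
    return host.endsWith(suffix) && host.length > suffix.length;
  }
  return pattern === host;
}

// Does any source expression in the list permit loading/connecting to url?
function urlAllowed(sources, url, pageOrigin) {
  const u = new URL(url);
  const defaultPort = u.protocol === 'https:' ? '443' : u.protocol === 'http:' ? '80' : '';
  const actualPort = u.port || defaultPort;
  for (const raw of sources) {
    const s = raw.toLowerCase();
    if (s === "'none'") return false;
    if (s === '*') return true;
    if (s === "'self'") {
      if (u.origin === new URL(pageOrigin).origin) return true;
      continue;
    }
    if (s.startsWith("'")) continue; // nonces, hashes, 'unsafe-*' never match a URL
    if (/^[a-z][a-z0-9+.-]*:$/.test(s)) { // scheme source, e.g. "https:"
      if (u.protocol === s) return true;
      continue;
    }
    const m = s.match(/^(?:([a-z][a-z0-9+.-]*):\/\/)?([^\/:]+)(?::(\d+|\*))?/);
    if (!m) continue;
    const [, scheme, hostPattern, port] = m;
    if (scheme && u.protocol !== `${scheme}:`) continue;
    if (!hostMatches(hostPattern, u.hostname)) continue;
    if (port && port !== '*' && port !== actualPort) continue;
    return true;
  }
  return false;
}

// Inline <script> runs only with a matching nonce, or with 'unsafe-inline'
// when no nonce/hash source is present (those disable 'unsafe-inline').
function inlineScriptAllowed(sources, scriptNonce) {
  if (scriptNonce && sources.includes(`'nonce-${scriptNonce}'`)) return true;
  const lower = sources.map((s) => s.toLowerCase());
  const hasNonceOrHash = lower.some((s) => s.startsWith("'nonce-") || s.startsWith("'sha"));
  return lower.includes("'unsafe-inline'") && !hasNonceOrHash;
}

// Constructed policies: the first lets injected script run and phone home.
const WEAK_CSP = "default-src * 'unsafe-inline'";
const HARDENED_CSP = [
  "default-src 'self'",
  "script-src 'self' 'nonce-r4nd0m' https://cdn.example.com",
  "connect-src 'self' https://api.example.com",
  "object-src 'none'",
  "base-uri 'self'",
].join('; ');

// Audit a policy against the attacker actions the text describes plus the
// legitimate loads the site actually needs (all URLs constructed).
function auditPolicy(header, pageOrigin) {
  const policy = parseCsp(header);
  const scriptSrc = sourcesFor(policy, 'script-src');
  const connectSrc = sourcesFor(policy, 'connect-src');
  return {
    injectedInlineScriptRuns: inlineScriptAllowed(scriptSrc, undefined),
    attackerScriptLoads: urlAllowed(scriptSrc, 'https://evil.example/skim.js', pageOrigin),
    exfilToAttackerAllowed: urlAllowed(connectSrc, 'https://collector.evil.example/c', pageOrigin),
    legitCdnScriptLoads: urlAllowed(scriptSrc, 'https://cdn.example.com/lib.js', pageOrigin),
    legitApiCallAllowed: urlAllowed(connectSrc, 'https://api.example.com/orders', pageOrigin),
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  const origin = 'https://shop.example';
  console.log('weak    ', auditPolicy(WEAK_CSP, origin));
  console.log('hardened', auditPolicy(HARDENED_CSP, origin));
}
```

The hardened policy passes the audit because `connect-src` is as tight as `script-src`: a script that slips through is still unable to `fetch()` or beacon the form data anywhere except the site's own API. A per-response nonce rather than `'unsafe-inline'` is what stops injected inline script, and `object-src 'none'` plus `base-uri 'self'` close the two common bypasses that a `script-src` rule alone leaves open.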

3. Identity is the Top Target of Cyberattacks

The percentage of respondents concerned about PII harvesting, credential stuffing and ATO, carding, and digital skimming/Magecart has increased since 2021. Those attacks have something in common: the theft and fraudulent use of identity.

If cybercriminals can carry out attacks while hiding behind a legitimate user’s identity, the opportunities to commit fraud increase significantly. As the number of work-from-home employees and study-at-home students continues to rise, there are more targets for cybercriminals and more incentives for them to perfect their tactics, techniques, and procedures.

Prevent the theft, validation and fraudulent use of users’ identity information:

  • Stay up-to-date on patch management to block use of known vulnerabilities in older versions of software that could be easily exploited to skim payment data and PII.
  • Adopt a behavior-based bot management solution to detect and mitigate automated login and checkout attacks against your web and mobile apps and APIs.
  • Continuously monitor behavior and authenticate users post-login to reduce the risk of account fraud.

4. Lack of Security Technology Leads to Competitive Disadvantage

According to CyberEdge, “the typical organization’s attack surface continues to expand, driven primarily by the effects of the COVID-19 pandemic.” Yet, though there is increasing concern about malware, PII harvesting, credential stuffing and ATO, the adoption of security tools to manage these risks remains low.

Still, website decision makers are planning to get their web app security tech stack back on course. According to CyberEdge, “The number-one technology for upcoming purchases is bot management, planned for acquisition in 39.8% of organizations.” Bot management solutions help defend web and mobile apps and APIs from the many types of attacks that utilize bot networks, including credential stuffing, ATO, carding, content scraping and inventory hoarding.

Protect Your Online Business from Bot Attacks and Client-side Threats

The report found that “skilled personnel” and “low security awareness among employees” were the top barriers to establishing effective cybersecurity defenses — for the third year in a row. This presents an opportunity to leverage automation and machine-learning technology to protect your business without burdening your employees.

As the cyberthreat landscape continues to change, businesses must evolve their application security strategy and leverage technology to protect users’ account and identity information everywhere along their digital journey. Gathering insights from The 2022 Cyberthreat Defense Report is a great place to start. Contact us to learn how to protect yourself from bot attacks and client-side threats.