Digital identity: the new favorite target of scammers

Digital identity is a key resource today, including for financially motivated attackers.

According to a recent study by Verizon, 61% of data breaches are due to compromised credentials. This is a common tactic among scammers: by using other people's credentials, they avoid detection while collecting stolen data, which allows them to conduct further fraudulent transactions.

While access control is a fundamental tool for protecting systems, it has its limits. Attackers constantly try to bypass these barriers to gain access to accounts, often targeting login and payment flows. This is why many organizations today are investing in anti-fraud technologies to detect and mitigate these attacks.

However, scam tactics are just as effective when they target identity systems such as provisioning, device management, registration, and password reset. These systems, which underlie access control, are becoming a prime target for fraudsters.

Increasingly experienced scammers

Historically, scammers have used credentials available on the dark web, compromised through data breaches, without realizing that these accounts had any value. They also lacked the accurate information needed to monitor the behavior of real users and so avoid detection when accounts were accessed illegally.

Today, ransomware groups such as LockBit, Avaddon, DarkSide, Conti, and BlackByte rely on Initial Access Brokers (IABs) to buy data from vulnerable organizations on dark web forums. These brokers have been growing in popularity lately because they make it easy and affordable to buy credentials. This shows how the business acumen of dark web scammers continues to sharpen.

Increasing Identity-Based Attacks

Recent attacks and ransomware attempts, such as those targeting Okta and Microsoft, illustrate the extent of the damage that account takeover (ATO) attacks can cause. This type of attack is currently preferred by many scammers, with a recent study showing that they grew by 148% between 2020 and 2021. The Lapsus$ ransomware group, for example, carried out all of its ATO attacks using stolen credentials. These groups continue to buy compromised data, favoring those that give access to source code.

While all online accounts are vulnerable to ATO attacks, attackers naturally focus on prime targets such as bank accounts or loyalty accounts that have monetary value and contain stored payment information. Like Lapsus$, these scammers typically use automated tools such as botnets to carry out continuous attacks (such as credential stuffing or brute-force attacks) against important targets.

Fraud tactics also include phishing, call center scams, man-in-the-middle (MITM) attacks, and a technique known as click farms, which involves using other attackers to manually enter login credentials, thus bypassing automated login detection tools. These techniques take fraudsters to the next level by greatly increasing their chances of obtaining personal data that can be used to illegally gain access to user accounts.

Layered access control is no longer enough: make way for identity-based security systems

Historically, access control has implemented authentication and authorization services to verify identity. Authentication identifies users; authorization determines what they are allowed to do.

While these services were once considered a good first line of defense against identity fraud, today they can be easily bypassed. Fraudsters constantly seek to infiltrate organizations at the intersection of security and usability. However, this does not mean that protections should do the same. Seeking only to make systems very secure, or only to make them very easy to use, leaves the other attribute more vulnerable.

Therefore, organizations need a second layer of security. An automated and robust corruption detection and remediation solution must be deployed to block increasingly sophisticated and dynamic attack methods.

One option is to focus on management tools capable of capturing billions of personas and consumer behaviors. This allows security services to detect unusual user behavior in real time, including the actions of automated bots. Tools that use machine learning algorithms to “learn” user behavior allow organizations to recognize fraudulent tactics throughout the entire identity lifecycle, including account creation and maintenance. This protects the data before it is compromised and sold to the highest bidder.
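As an added example (not part of the original article), the detector below correlates constructed identity events across login, password reset and device enrollment, the lifecycle stages the article says fraudsters target. The event fields, thresholds and rule names are assumptions, and fixed rules stand in for the machine learning the article mentions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data): time, source IP, user, action, result
EVENTS = [
    ("2024-01-10T09:00:00", "198.51.100.7", "alice", "login", "ok"),
    ("2024-01-10T09:01:00", "203.0.113.9", "bob", "login", "fail"),
    ("2024-01-10T09:01:05", "203.0.113.9", "carol", "login", "fail"),
    ("2024-01-10T09:01:10", "203.0.113.9", "dave", "login", "fail"),
    ("2024-01-10T09:01:15", "203.0.113.9", "erin", "login", "ok"),
    ("2024-01-10T09:30:00", "192.0.2.44", "alice", "password_reset", "ok"),
    ("2024-01-10T09:32:00", "192.0.2.44", "alice", "device_enroll", "ok"),
    ("2024-01-10T10:00:00", "198.51.100.7", "alice", "device_enroll", "ok"),
]
STUFFING_USERS = 3               # assumed threshold: distinct users failing from one IP
WINDOW = timedelta(minutes=10)   # assumed correlation window

def detect(events):
    """Return alerts as (rule, ip, users) tuples, in event order."""
    alerts, flagged = [], set()
    known_ips = defaultdict(set)   # user -> IPs with an earlier successful login
    fails = defaultdict(list)      # ip -> recent (time, user) failed logins
    resets = {}                    # (user, ip) -> time of a reset from an unfamiliar IP
    rows = sorted((datetime.fromisoformat(t), *rest) for t, *rest in events)
    for ts, ip, user, action, result in rows:
        if action == "login" and result == "fail":
            fails[ip] = [(t, u) for t, u in fails[ip] if ts - t <= WINDOW] + [(ts, user)]
            users = {u for _, u in fails[ip]}
            if len(users) >= STUFFING_USERS and ip not in flagged:
                flagged.add(ip)
                alerts.append(("credential_stuffing", ip, tuple(sorted(users))))
        elif result != "ok":
            continue               # other failed actions are ignored by these rules
        elif action == "login":
            if ip in flagged:      # a tried credential worked: likely account takeover
                alerts.append(("login_after_stuffing", ip, (user,)))
            known_ips[user].add(ip)
        elif action == "password_reset" and ip not in known_ips[user]:
            resets[(user, ip)] = ts
        elif action == "device_enroll":
            t0 = resets.get((user, ip))
            if t0 is not None and ts - t0 <= WINDOW:
                alerts.append(("reset_then_new_device", ip, (user,)))
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert)
```

The last sample event, a device enrollment from an address the user has already logged in from, raises no alert, which is the distinction between routine account maintenance and a reset-driven takeover.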

Ultimately, to defeat dynamic cybercriminals, companies must think like their main enemies and put in place systems that can prevent their customers’ personal data from falling into the wrong hands.
