Data Breaches in 2021: What Do They Have to Do With Account Takeover?
Sophisticated cyber attacks have been on a steep rise in recent times, especially during the pandemic. 2021 may mark a temporary end of the Covid-19 outbreak as more people are getting vaccinated, but definitely not the end of online fraud and cybercrime. In fact, a report revealed that successful cyber attacks targeting organizations and enterprises rose 5.5% in 2021, the largest increase in the past 6 years.
As a common aftermath of cyberattacks, data breaches are one of the greatest concerns affecting the world now.
Recent Data Breaches (Q1 & Q2 2021)
As the global pandemic changed the way people work and live, risky online actions during remote work, online classes, online shopping and the like are increasing the likelihood of data breaches.
Let's refresh our memory with the following 6 data breaches that happened earlier this year.
1. Ubiquiti Customer Data Breach
In a public notice on January 11, Internet of Things (IoT) giant Ubiquiti, Inc. alerted its customers to a data breach caused by unauthorized access to its information technology system hosted by a third-party cloud provider. The data may include the user's name, email address, and one-way encrypted password. The notice advised customers to change passwords and enable two-factor authentication.
2. Microsoft Exchange Server Data Breach
On March 2, Microsoft acknowledged that the Microsoft Exchange Server had been subjected to four zero-day exploits starting from early January 2021. Microsoft Exchange Server is an email, calendaring, contact, scheduling, and collaboration platform, whose users range from enterprise giants to small & medium-sized businesses worldwide. The data leak provided attackers full access to user emails of at least 30,000 organizations in the United States, and 7,000 servers in the United Kingdom.
3. U.S. Cellular Customer Database Breach
U.S. Cellular, the fourth-largest wireless carrier in America, reported a security incident on January 21. The attacker scammed the company's employees into downloading malicious software in order to gain access to its customer relationship management (CRM) software, which contains account records for 4.9 million customers, including names, addresses, cellular phone numbers, plan information, and access PINs.
4. California DMV Hit by Data Breach
The California Department of Motor Vehicles (DMV) announced a security breach in February in which approximately 38 million records may have been compromised. The information leak was caused by a ransomware attack on one of the DMV's vendors, which verifies vehicle registration addresses for it. The affected data covers the last 20 months and includes drivers' personal information: names, addresses, license plate numbers, and vehicle identification numbers.
5. Airlines Data Leak
SITA, the global aviation tech giant which supports 90% of the world's airlines, confirmed the data security incident that happened on February 24, and more airlines then disclosed the impact of the data breach. It seems all carrier members of Star Alliance and the Oneworld alliance were directly affected. Although the total number of affected passengers remains unclear, the reported figure is already over 2.1 million. The stolen information includes passengers' service card numbers, status levels, and names.
6. LinkedIn Data Scrape
A message from Security Affairs showed that LinkedIn seems to have experienced another massive data scrape on July 12, for the third time in the past four months. The stolen data includes users' full names, email addresses, phone numbers, genders, birth dates, locations, and professional titles. The source said the information of 600 million LinkedIn profiles is being sold online now.
Data Breaches and Their Consequences
In short, data breaches make cybercriminals and fraudsters the sure winners.
Here's what happens after a data breach.
Instead of using the data themselves, cyber attackers sell the stolen information for profit. The data, which usually contains personal information, email addresses, phone numbers, passwords, and credit card information, spreads among cybercriminals and fraudsters and is a great help to them.
One of the prevailing frauds during the pandemic is account takeover (ATO). Perhaps the following figures could give us a clue about the severity of ATO:
1. ATO rates skyrocketed by 282% between Q2 2019 and Q2 2020 (data from Sift).
2. The value of financial losses from ATO had already reached $7 billion in 2019 (data from PerimeterX).
Account takeover happens when criminals take full control of a legitimate account by using stolen usernames and passwords and then use it for fraud. Research shows 52% of users have the same (or similar) passwords for different services, which means when criminals have the customers' email address, password, and credit card data from one online service, they can basically control those people's accounts on other platforms.
Starting from ATO (also known as account fraud), criminals could easily take further steps, like credential stuffing and carding (or payment fraud).
How to Deal With the Consequences
Organizations and enterprises could take the following steps to secure their customers' accounts:
1. Audit your website's traffic to find out whether there is malicious bot traffic or not, because criminals and fraudsters tend to use bots to automatically and rapidly test the list of log-in credentials.
2. Adopt a bot management system to detect and label ATO attempts in gateways like log-in and checkout.
3. Block the malicious traffic. CAPTCHA is an effective way to identify bad bots: it analyzes every attempt on a website or app based on the user's behavioral patterns and device and network environments, and blocks bad bots by raising CAPTCHA challenges to suspicious users.
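The traffic audit in step 1 can start from the login log itself. The following Python sketch is an added example, not part of the original article: it flags source IPs that try many distinct accounts with mostly failed logins inside a short window, and lists the accounts those sources did get into. The log format, the thresholds and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> <source IP> <username> <OK|FAIL>"
LINE = re.compile(r"^(\S+) (\S+) (\S+) (OK|FAIL)$")

# Constructed sample: one source cycling through accounts, one user mistyping
# a password, and one office NAT where several users log in successfully.
SAMPLE = (
    [f"2021-07-12T10:00:{i:02d} 203.0.113.7 user{i} FAIL" for i in range(6)]
    + ["2021-07-12T10:00:09 203.0.113.7 carol OK",
       "2021-07-12T10:01:00 198.51.100.20 dave FAIL",
       "2021-07-12T10:01:20 198.51.100.20 dave OK"]
    + [f"2021-07-12T10:02:{i:02d} 192.0.2.50 staff{i} OK" for i in range(6)]
    + ["not a log line"]
)

def parse(lines):
    """Return time-sorted (time, ip, user, success) tuples, skipping malformed lines."""
    events = []
    for line in lines:
        m = LINE.match(line.strip())
        if m:
            ts, ip, user, result = m.groups()
            events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return sorted(events)

def flag_stuffing(events, window=timedelta(minutes=5), min_users=5, min_fail=0.8):
    """Flag IPs that try many distinct accounts, mostly failing, inside one window."""
    by_ip = defaultdict(list)
    for ev in events:
        by_ip[ev[1]].append(ev)
    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1  # slide the window forward
            chunk = evs[start:end + 1]
            users = {e[2] for e in chunk}
            fails = sum(not e[3] for e in chunk)
            if len(users) >= min_users and fails / len(chunk) >= min_fail:
                # Accounts this source did get into need a forced password reset.
                flagged[ip] = sorted({e[2] for e in evs if e[3]})
                break
    return flagged

if __name__ == "__main__":
    print(flag_stuffing(parse(SAMPLE)))
```

Requiring both many distinct usernames and a high failure ratio keeps a shared office or carrier NAT, where many users log in successfully from one address, out of the results.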
Businesses that have escaped data breaches over and over again may seem lucky. However, in the era of big data, a slight change in one part is likely to affect the whole situation. A huge data breach sabotages not only one company, but also the companies that may share the same group of customers.