Disorder In The Court: Unintended Consequences Of Account Takeover (ATO)
Security Boulevard, Wednesday, November 20th, 2024
The most common ATO threat that individuals and businesses imagine affecting them is their accounts getting hijacked, e.g. a threat actor uses credential stuffing to log in to your Netflix account and enjoys some free entertainment on your dime (or sells the account for a few dollars). Or, in a more serious scenario, the threat actor accesses an employee's corporate email to send phishing emails to other employees and gain access to the internal network to install ransomware.
A recent FBI alert (as reported by Brian Krebs) highlighted an interesting and dangerous consequence of account takeover (ATO). As the FBI alert states, 'cybercriminals are likely gaining access to compromised US and foreign government email addresses and using them to conduct fraudulent emergency data requests.'
These email accounts are then used to make Emergency Data Requests, a type of legal requisition for information or action that bypasses much of the usual authorization process. The personal information obtained can be used for scamming, but the FBI warns that these requests can also be used to freeze and seize bank and cryptocurrency accounts.