The theft of accounts in organizations and companies grew again in 2024. According to the ProofPoint cybersecurity firm, 62% of supervised accounts were subject to this type of computer attacks.
Although ransomware and phishing remain the main computer threats, accounts control or their commitment also advances positions. And it is logical taking into account its usefulness for cybercriminals when they try to penetrate an organization for any malicious final.
The report is based on the Analysis of 63 million accounts. ProofPoint says they have access to huge amounts of safety data, including emails, malware, urls, domains, IPS, identity vulnerabilities and attacker tools. Likewise, this cybersecurity company has a wide customer base worldwide, thousands of direct integrations with key services in Cloud, as well as dozens of millions of supervised direct user accounts.
On the organizations that suffered attempts to appropriate accounts, the percentages vary between 95% and 100%, which highlights that these conatos by cybercriminals occur in all sectors. On the other hand, successes in account control show much more variability: by incidence, at one end are the Education sectors (88%), electronics (88%) and aerospace (86%); and, on the other side, legal services (50%), food and drinks (50%) and financial services (47%).
The United States, Germany, Russia, India and the Netherlands lead the list of countries origin of these attacks. As for the main domains that served as a source for these attacks, ProofPoint points to Datacamp.co.uk, Microsoft.com, Amazon.com, Biterika.ru and Cyberassets.AE.
«Since Proofpoint we have observed millions of attempts to theft of accounts each yearwhich is tremendously valuable to refine our detection algorithms. After this study, we can say with confidence that geographical or domain block is not enough to defend against attempts to appropriate accounts. Except for some exceptions, the attackers use the same service providers and accommodation countries as legitimate organizations »explains the company’s research team.
How to limit accounts
Users are usually the weakest link in the chain and therefore the approach of the attackers in COMPROMERT THE ACCOUNTS AS PART OF A LARGEST ATTACK STRATEGY. And it is that threats in the digital world, headed by phishing and ransomware, are increasingly numerous and dangerous and demand from the user responsibility and common sense.
In addition, an optimal defense must be equally strategic: a comprehensive and proactive solution, with security awareness training, preventive in terms of email and reactive security regarding detection and response.
