Account takeover assaults have emerged as one of the vital persistent and damaging threats to cloud-based SaaS environments. But regardless of important investments in conventional safety measures, many organizations proceed to wrestle with stopping these assaults. A brand new report, “Why Account Takeover Assaults Nonetheless Succeed, and Why the Browser is Your Secret Weapon in Stopping Them” argues that the browser is the first battleground the place account takeover assaults unfold and, thus, the place they need to be neutralized. The report additionally offers efficient steerage for mitigating the account takeover threat.
Under are a number of the key factors raised within the report:
The Position of the Browser in Account Takeovers
In keeping with the report, the SaaS kill chain takes benefit of the elemental elements which might be contained inside the browser. For account takeover, these embody:
- Executed Internet Pages – Attackers can create phishing login pages or use MiTM over professional net pages to reap and entry credentials.
- Browser Extensions – Malicious extensions can entry and exfiltrate delicate knowledge.
- Saved Credentials – Attackers goal to hijack the browser or exfiltrate its saved credentials to entry SaaS apps.
As soon as the person’s credentials are compromised, the attacker can login to the apps and function with impunity inside. This can be a completely different and far shorter kill chain in comparison with the on-premises kill chain, which can also be why conventional safety measures fail to guard in opposition to it.
Dissecting Account Takeover TTPs
The report then particulars the principle account takeover techniques, strategies and procedures (TTPs). It analyzes how they function, why conventional safety controls are ineffective in defending in opposition to them, and the way a browser safety platform can mitigate the chance.
1. Phishing
The danger: Phishing assaults abuse the way in which the browser executes the webpage. There are two most important kinds of phishing assaults: a malicious login web page or intercepting a professional one to seize session tokens.
The safety failure: SSE options and firewalls can’t defend in opposition to these assaults for the reason that malicious net web page elements can’t be seen in community site visitors. Because of this, the phishing elements are capable of enter the perimeter and the person’s endpoint.
The answer: A browser safety platform offers visibility into the execution of net pages and analyzes each executed element, detecting phishing actions like credential enter fields and MiTM redirection. Then, these elements are disabled inside the web page.
2. Malicious Browser Extensions
The danger: Malicious extensions exploit the excessive privileges enabled by customers to regulate the browser’s exercise and knowledge, taking up saved credentials.
The safety failure: EDRs and EPPs usually have implicit belief in browser processes, making extensions a safety blind spot.
The answer: A browser safety platform offers visibility and threat evaluation of all extensions and routinely disables malicious ones.
3. Authentication and Entry through a Login Web page
The danger: As soon as the attacker obtains credentials, they’ll entry the focused SaaS app.
The safety failure: IdPs wrestle to distinguish between malicious and bonafide customers and MFA options are sometimes not absolutely carried out and adopted.
The answer: A browser safety platform displays all saved credentials within the browser, integrates with the IdP to behave as a further authentication issue, and enforces entry from the browser to stop entry by way of compromised credentials.
What’s Subsequent for Safety Choice Makers
The browser has change into a important assault floor for enterprises, and account takeover assaults exemplify its threat and the necessity to adapt the organizational safety method. LayerX has recognized {that a} browser safety resolution is the important thing element in that shift, countering current assault strategies that may power attackers to reevaluate their steps. Learn the total report .