
The New Efficient Method to Stop Account Takeovers

Account takeover attacks have become some of the most persistent and damaging threats to cloud-based SaaS environments. Yet despite significant investment in conventional security measures, many organizations continue to struggle to stop them. A new report, "Why Account Takeover Attacks Still Succeed, and Why the Browser is Your Secret Weapon in Stopping Them", argues that the browser is the primary battleground where account takeover attacks unfold and, therefore, where they should be neutralized. The report also offers practical guidance for mitigating account takeover risk.

Below are some of the key points raised in the report:

The Role of the Browser in Account Takeovers

According to the report, the SaaS kill chain takes advantage of fundamental components that live inside the browser. For account takeover, these include:

  • Executed Web Pages – Attackers can create phishing login pages or run a MiTM against legitimate web pages to harvest credentials and gain access.
  • Browser Extensions – Malicious extensions can access and exfiltrate sensitive data.
  • Stored Credentials – Attackers aim to hijack the browser or exfiltrate its stored credentials to access SaaS apps.

Once the user's credentials are compromised, the attacker can log in to the apps and operate inside them with impunity. This is a different and much shorter kill chain than the on-premises kill chain, which is also why conventional security measures fail to protect against it.

Dissecting Account Takeover TTPs

The report then details the main account takeover tactics, techniques and procedures (TTPs). It analyzes how they operate, why conventional security controls are ineffective against them, and how a browser security platform can mitigate the risk.

1. Phishing

The risk: Phishing attacks abuse the way the browser executes the web page. There are two main types of phishing attack: a malicious login page that captures credentials, or interception of a legitimate one (MiTM) to capture session tokens.

The security failure: SSE solutions and firewalls cannot protect against these attacks, because the malicious web page components are not visible in network traffic. As a result, the phishing components pass through the perimeter and reach the user's endpoint.

The solution: A browser security platform provides visibility into the execution of web pages and analyzes every executed component, detecting phishing behaviors such as credential input fields on untrusted pages and MiTM redirection. Those components are then disabled within the page.
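To make the "analyze the executed page and disable the phishing components" idea concrete, here is an added example of the kind of page-level heuristics a browser security layer can apply. It is not code from the report or from LayerX. The trusted login origins (including the hypothetical corporate IdP `sso.example.com`), the brand keyword list, and the two page snapshots are constructed for illustration; in a real content script the snapshot would be built from `document.forms` and `document.title`.

```javascript
// Added example (not from the LayerX report): page-level heuristics a browser
// security layer could apply to flag and disable credential-harvesting pages.
// The trusted-origin list, brand keywords and page snapshots are constructed
// for illustration; a real content script would read document.forms/title.

// Origins where a password prompt is expected. The corporate IdP entry is hypothetical.
const TRUSTED_LOGIN_ORIGINS = new Set([
  "https://login.microsoftonline.com",
  "https://accounts.google.com",
  "https://sso.example.com",
]);

// Brands that phishing kits commonly imitate (constructed list).
const IMPERSONATED_BRANDS = ["microsoft", "okta", "google"];

function originOf(url, base) {
  try {
    return new URL(url, base).origin;
  } catch {
    return null;
  }
}

// `page` = { url, title, forms: [{ action, inputs: [{ type, autocomplete }] }] }
function assessLoginPage(page) {
  const pageOrigin = originOf(page.url);
  const trusted = TRUSTED_LOGIN_ORIGINS.has(pageOrigin);
  const title = (page.title || "").toLowerCase();
  const findings = [];

  for (const form of page.forms) {
    const collectsPassword = form.inputs.some(
      (i) => i.type === "password" || i.autocomplete === "current-password"
    );
    if (!collectsPassword) continue;

    // 1. A credential field on an origin where no login is expected.
    if (!trusted) findings.push(`password field on untrusted origin ${pageOrigin}`);

    // 2. The form submits credentials to an origin other than the page's own
    //    (a harvesting page posting to the attacker's collector).
    const actionOrigin = form.action ? originOf(form.action, page.url) : pageOrigin;
    if (actionOrigin !== pageOrigin) findings.push(`credentials posted cross-origin to ${actionOrigin}`);

    // 3. The page presents itself as a known brand's login but is not served from
    //    that brand's origin, the pattern of a reverse-proxy (MiTM) phishing page.
    const brand = IMPERSONATED_BRANDS.find((b) => title.includes(b));
    if (brand && !trusted) findings.push(`looks like a ${brand} login but served from ${pageOrigin}`);
  }

  return { verdict: findings.length > 0 ? "block" : "allow", findings };
}

// Neutralize the page in place: disable every credential field so nothing can be
// typed into it. Operates on the snapshot; a content script would set
// input.disabled = true on the live elements. Returns the number of fields disabled.
function disableCredentialFields(page) {
  let disabled = 0;
  for (const form of page.forms) {
    for (const input of form.inputs) {
      if (input.type === "password" || input.autocomplete === "current-password") {
        input.disabled = true;
        disabled++;
      }
    }
  }
  return disabled;
}

// Constructed snapshots: a genuine IdP login and a look-alike harvesting page.
const GENUINE_LOGIN = {
  url: "https://login.microsoftonline.com/common/oauth2/authorize",
  title: "Sign in to your account",
  forms: [{ action: "/common/login", inputs: [{ type: "email" }, { type: "password" }] }],
};

const PHISHING_LOGIN = {
  url: "https://login-micros0ftonline.example/common/oauth2/authorize",
  title: "Sign in to your Microsoft account",
  forms: [{ action: "https://collector.attacker.example/post", inputs: [{ type: "email" }, { type: "password" }] }],
};

console.log(assessLoginPage(GENUINE_LOGIN));  // verdict "allow", no findings
console.log(assessLoginPage(PHISHING_LOGIN)); // verdict "block", three findings
```

The three checks correspond to what the report says the platform looks for: a credential field where none is expected, credentials leaving for a foreign origin, and a page that imitates a legitimate login while being served from somewhere else. The origin allow-list is the weak point of this approach in practice and would need to be fed from the organization's own IdP and SaaS inventory.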

2. Malicious Browser Extensions

The risk: Malicious extensions exploit the high privileges users grant them to control the browser's activity and data, including taking over stored credentials.

The security failure: EDRs and EPPs typically place implicit trust in browser processes, which makes extensions a security blind spot.

The solution: A browser security platform provides visibility into and risk assessment of all extensions, and automatically disables malicious ones.
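One concrete form such a risk assessment can take is scoring the capabilities an extension requests in its manifest, since an extension that can read every site's cookies, traffic or page content has exactly what credential theft needs. The following is an added example, not code from the report or from LayerX. The weights and thresholds are illustrative assumptions, and the three manifests are constructed; the permission names themselves are real Chrome manifest keys.

```javascript
// Added example (not from the LayerX report): scoring an extension's requested
// capabilities from its manifest to decide whether to allow, review or disable it.
// Weights and thresholds are illustrative assumptions; manifests are constructed.

// Capability weights. Anything that can read every site's traffic, cookies or
// page content scores high because that is what credential theft needs.
const PERMISSION_RISK = new Map([
  ["cookies", 4],            // read/modify session cookies
  ["webRequest", 3],         // observe all requests
  ["webRequestBlocking", 4], // observe and rewrite requests (MV2)
  ["declarativeNetRequest", 2],
  ["scripting", 3],          // inject scripts into pages
  ["tabs", 2],               // URLs and titles of every tab
  ["history", 2],
  ["clipboardRead", 3],
  ["nativeMessaging", 4],    // talk to a native binary on the host
  ["debugger", 5],           // full DevTools protocol access
  ["storage", 0],
  ["activeTab", 0],
]);

// Host patterns that match every site the user visits.
const BROAD_HOST_PATTERNS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);

function isBroadHost(pattern) {
  return BROAD_HOST_PATTERNS.has(pattern);
}

function assessExtension(manifest) {
  const permissions = manifest.permissions || [];
  // MV3 lists host patterns separately; MV2 mixes them into `permissions`.
  const hosts = manifest.host_permissions || [];
  const reasons = [];
  let score = 0;

  for (const p of [...permissions, ...hosts]) {
    if (isBroadHost(p)) {
      score += 5;
      reasons.push(`broad host access ${p} (+5)`);
    } else if ((PERMISSION_RISK.get(p) || 0) > 0) {
      score += PERMISSION_RISK.get(p);
      reasons.push(`${p} (+${PERMISSION_RISK.get(p)})`);
    }
  }

  // Combination that lets the extension lift session cookies from every site.
  const broadHost = [...permissions, ...hosts].some(isBroadHost);
  if (broadHost && permissions.includes("cookies")) {
    score += 3;
    reasons.push("cookies + broad host access: can read every site's session cookies (+3)");
  }

  // Content scripts injected into every page see login forms as the user fills them in.
  const injectsEverywhere = (manifest.content_scripts || []).some((cs) =>
    (cs.matches || []).some(isBroadHost)
  );
  if (injectsEverywhere) {
    score += 3;
    reasons.push("content script runs on every page (+3)");
  }

  const action = score >= 10 ? "disable" : score >= 5 ? "review" : "allow";
  return { action, score, reasons };
}

// Constructed manifests.
const BENIGN_MANIFEST = {
  manifest_version: 3,
  name: "Tab Notes",
  permissions: ["storage", "activeTab"],
};

const REVIEW_MANIFEST = {
  manifest_version: 3,
  name: "Clipboard History",
  permissions: ["tabs", "clipboardRead", "storage"],
};

const SUSPICIOUS_MANIFEST = {
  manifest_version: 3,
  name: "Free PDF Tools",
  permissions: ["cookies", "webRequest", "tabs", "scripting"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["<all_urls>"], js: ["inject.js"] }],
};

console.log(assessExtension(BENIGN_MANIFEST));     // action "allow", score 0
console.log(assessExtension(REVIEW_MANIFEST));     // action "review", score 5
console.log(assessExtension(SUSPICIOUS_MANIFEST)); // action "disable", score 23
```

Permission scoring is a static signal only: an extension can be benign in the store and turn malicious after an update or an ownership change, so in practice the score is recomputed whenever the installed manifest changes and combined with behavioral signals from the running browser.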

3. Authentication and Access via a Login Page

The risk: Once the attacker obtains credentials, they can access the targeted SaaS app.

The security failure: IdPs struggle to differentiate between malicious and legitimate users, and MFA solutions are often not fully implemented and adopted.

The solution: A browser security platform monitors all credentials stored in the browser, integrates with the IdP to act as an additional authentication factor, and enforces access from the browser to prevent access with compromised credentials.

What's Next for Security Decision Makers

The browser has become a critical attack surface for enterprises, and account takeover attacks exemplify both its risk and the need to adapt the organizational security approach. LayerX has identified a browser security solution as the key component in that shift, countering current attack techniques in a way that forces attackers to reevaluate their steps. Read the full report.
