The Anatomy of Account Takeover Attacks

April 27, 2018 Anna Westelius

The Distil Research Lab released their latest threat research report called The Anatomy of Account Takeover Attacks revealing that bad bots are on every website with a login page. Even yours.

Here’s the key findings from the report:

  • Every website with a login page is under attack - 100% of websites researched suffered from account takeover attacks (ATO).
  • Bot operators are evenly split in how they carry out ATO attacks -  50% of ATO attacks come in the form of volumetric credential stuffing, and the other half are through low and slow credential stuffing and credential cracking.
  • Attacks increase after a data breach is made available on the dark web - In the days following a public breach, websites experience 3X more credential stuffing attacks than the average of 2-3 attacks per month.
  • Almost 20 percent of all analyzed attacks were preceded by a smaller scale “test round” a few days prior - Some perpetrators test their bad bots a few days before a large scale account takeover attack. While such tests are smaller in scale, any baseline anomaly from failed logins should be investigated.
  • Websites are most likely to experience ATO attacks on a Friday or Saturday. 39%  of volumetric ATO attacks occur on a Friday or Saturday. This indicates that bot operators schedule attacks when it is presumed that fewer security professionals will be around to notice anomalies.

Download your copy of The Anatomy of Account Takeover Attacks.


About the Author

Anna Westelius

Anna leads the Distil Professional Services Security Analysts, a team of experts who helps companies manage their bot mitigation strategy. Her team works around the clock to identify emerging threats, creates complex blocking policies and researches bots. Prior to Distil she was heading the anti-scraping services at ScrapeSentry.

More Content by Anna Westelius
Previous Article
Infographic: Anatomy of Account Takeover Attacks
Infographic: Anatomy of Account Takeover Attacks

In this account takeover study, Distil Networks now sees bad bot traffic on 100% of all monitored login pag...

Next Article
9 Recommendations to Prevent Bad Bots on Your Website
9 Recommendations to Prevent Bad Bots on Your Website

Bots are on your website every day. Every site is targeted for different reasons, and usually by different ...