This Threat Spotlight was authored by Asaf Cidon with research support from Grant Ho of the Barracuda Sentinel team.
Account takeover incidents, where attackers steal the credentials of employees and use them to send emails from the user's real account, are increasing in frequency and magnitude. In this Threat Spotlight, we take a closer look at the motives and demographics behind these attacks.
Account Takeover – attackers attempt to steal user credentials in order to launch attacks from an internal account.
Account takeover (ATO) attacks have multiple objectives. Some attackers try to use the hacked email account to launch phishing campaigns that will go undetected, some steal the credentials of other employees and sell them on the black market, and others use the account to conduct reconnaissance in order to launch personalized attacks. The most sophisticated attackers steal the credentials of a key employee (e.g., CEO or CFO) and use them to launch a Business Email Compromise attack from the real employee's email address.
Asaf Cidon is vice president of content security services at Barracuda Networks. In this role, he is one of the leaders for Barracuda Sentinel, the company's AI solution for real-time spear phishing and cyber fraud defense. Barracuda Sentinel utilizes artificial intelligence to learn the unique communications patterns inside customer organizations to identify anomalies and guard against these personalized attacks. Asaf was previously CEO and co-founder of Sookasa, a cloud storage security startup that was acquired by Barracuda. Prior to that, he completed his PhD at Stanford, where his research focused on cloud storage reliability and performance. He also worked on Google’s web search engineering team. Asaf holds a PhD and MS in Electrical Engineering from Stanford, and a BSc in Computer Engineering from the Technion.