Google: Manual Account Hijacks Much More Dangerous Than Bot Takeovers

[InfoSec News <alerts () infosecnews org>]

http://www.darkreading.com/attacks-breaches/google-manual-account-hijacks-much-more-dangerous-than-bot-takeovers/d/d-id/1317301

By Jai Vijayan
Dark Reading
11/6/2014

Targeted attacks are less common but cause more problems and financial 
losses for victims than nontargeted mass account takeovers, a new report 
from Google says.

Most online account hijacking capers are carried out using automated bots, 
but not all. In fact, some of the most effective and damaging heists 
result from targeted, carefully staged, manual attacks, a new study by 
Google shows.

Researchers at the search company recently reviewed manual account 
hijacking incidents involving users of various Google services from 2011 
to 2014. For the study, the researchers looked at how criminals acquired a 
victim's login credentials to take over an account and how they attempted 
to exploit and monetize that access.

For the purposes of the study, the researchers defined a manual hijack as 
an incident where an attacker spends considerable time exploiting a single 
victim's account for financial gain. They discovered that such incidents 
are extremely rare. In fact, over the period of the study, the researchers 
observed an average of just nine incidents of manual account hijackings 
per million Google users per day.

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/