SecurityBrief Canada - Technology news for CISOs & cybersecurity decision-makers

Flare reveals costly impact of account takeover attacks

Thu, 10th Apr 2025

Flare has released a report quantifying the costs and wider consequences of end-user account compromise caused by account and session takeover attacks.

Account takeover attacks, primarily carried out through session hijacking, let attackers bypass standard security controls such as multi-factor authentication: a replayed session cookie presents the server with an already-authenticated session, so no password or MFA prompt is ever triggered. The report identifies session cookies as the attacker's key tool for exactly this reason. Combined with stealer logs (cookies harvested from infected endpoints by infostealer malware) and supporting tooling such as VPNs, cybercriminals can carry out session takeovers reliably and at scale.

According to Flare's report, titled "The Account and Session Takeover Economy: Defining Exposure, Costs, and Impact of Compromised End User Accounts", session hijacking is increasingly prevalent across industries and imposes significant costs on the organisations that fall victim to it.

The report's findings, based on research and data collection spanning roughly four years, indicate that the number of exposed accounts is growing at an average rate of 28% per year. The fintech sector shows the highest growth rate, at 32% per year.

Organisations are facing economic challenges in several areas, including increased labour costs for conducting security investigations, fraud losses stemming from account takeovers, and annual revenue losses due to customer churn.

The report reveals stark differences in exposure rates between industries: social media, cloud applications, and entertainment platforms see the highest average numbers of compromised sessions per month, at 462,000, 239,000, and 140,000 respectively.

The findings underscore the need for mature account takeover prevention strategies. The report emphasises automated identity intelligence, session re-authentication policies, and early exposure detection as the main controls for mitigating the risk of session hijacking.

In line with this, Flare has launched its own solution, Flare Account and Session Takeover Prevention (ASTP), aimed at aiding large consumer SaaS web applications in defending against customer account takeovers.

The ASTP service compiles a comprehensive dataset of leaked credentials and active session cookies, which organisations can access and apply via API. This enables them to promptly invalidate active sessions, proactively counteract fraud, and enhance their security posture against cyber threats.
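The two controls the article mentions, invalidating sessions whose cookies turn up in a leaked-cookie dataset and forcing re-authentication before sensitive actions, are easy to get wrong if the application never tracks sessions server-side at all. The following is an added illustration and is not Flare's code, nor a client for the ASTP or "Cookie Jar" API: it is a minimal in-memory session store with a hypothetical leaked-cookie feed (a constructed Python list standing in for whatever an exposure API would return), and the policy constants `SESSION_MAX_AGE` and `REAUTH_WINDOW` are assumed values, not figures from the report. The walk-through shows why a replayed cookie is allowed through at first, why a re-authentication window still blocks the attacker from a sensitive action, and how a feed match revokes the session outright.

```python
"""Added example, not from Flare or the ASTP product.

Server-side session store that (1) revokes any session whose cookie value
appears in a leaked-cookie feed and (2) enforces a re-authentication window
for sensitive actions, so that a replayed but still-valid cookie cannot
complete them without a fresh login. All feed data and cookies are constructed.
"""
import hashlib
import secrets
import time
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Optional

SESSION_MAX_AGE = 8 * 3600   # assumed policy: absolute session lifetime, seconds
REAUTH_WINDOW = 15 * 60      # assumed policy: sensitive actions need a login within 15 min


def _fingerprint(cookie_value: str) -> str:
    # Keep only a hash of the cookie so the store is not a second copy of every
    # live bearer token; the leaked feed is hashed the same way before lookup.
    return hashlib.sha256(cookie_value.encode()).hexdigest()


@dataclass
class Session:
    user: str
    created: float
    last_auth: float          # time of the most recent interactive login
    revoked: bool = False
    revoke_reason: str = ""


class SessionStore:
    def __init__(self, now: Callable[[], float] = time.time):
        self._now = now
        self._by_fp: Dict[str, Session] = {}

    def issue(self, user: str) -> str:
        """Create a session after a successful interactive login; return the cookie value."""
        cookie = secrets.token_urlsafe(32)
        t = self._now()
        self._by_fp[_fingerprint(cookie)] = Session(user=user, created=t, last_auth=t)
        return cookie

    def lookup(self, cookie: str) -> Optional[Session]:
        s = self._by_fp.get(_fingerprint(cookie))
        if s is None or s.revoked:
            return None
        if self._now() - s.created > SESSION_MAX_AGE:
            s.revoked, s.revoke_reason = True, "expired"
            return None
        return s

    def revoke_leaked(self, leaked_cookie_values: Iterable[str]) -> List[str]:
        """Cross-reference a leaked-cookie feed; return the users whose sessions were revoked."""
        hit_users = []
        for value in leaked_cookie_values:
            s = self._by_fp.get(_fingerprint(value))
            if s is not None and not s.revoked:
                s.revoked, s.revoke_reason = True, "leaked"
                hit_users.append(s.user)
        return hit_users

    def authorize(self, cookie: str, sensitive: bool) -> str:
        """Return 'allowed', 'reauth_required' or 'login_required' for a request."""
        s = self.lookup(cookie)
        if s is None:
            return "login_required"
        if sensitive and self._now() - s.last_auth > REAUTH_WINDOW:
            return "reauth_required"
        return "allowed"


def simulate() -> Dict[str, object]:
    """Walk through a cookie-replay attack against the store with a controllable clock."""
    clock = [1_700_000_000.0]
    store = SessionStore(now=lambda: clock[0])
    results: Dict[str, object] = {}

    victim_cookie = store.issue("alice")
    # An infostealer exfiltrates the cookie and the attacker replays it in a fresh
    # browser: the server sees an authenticated session and asks for no MFA.
    results["replay_non_sensitive"] = store.authorize(victim_cookie, sensitive=False)

    clock[0] += 20 * 60  # 20 minutes later the attacker tries a sensitive action
    results["replay_sensitive"] = store.authorize(victim_cookie, sensitive=True)

    # Constructed leaked-cookie feed: one unrelated value plus the victim's cookie.
    leaked_feed = [secrets.token_urlsafe(32), victim_cookie]
    results["revoked_users"] = store.revoke_leaked(leaked_feed)
    results["replay_after_revoke"] = store.authorize(victim_cookie, sensitive=False)

    # The victim logs back in: a new cookie with a fresh last_auth timestamp.
    new_cookie = store.issue("alice")
    results["new_session_sensitive"] = store.authorize(new_cookie, sensitive=True)
    return results


if __name__ == "__main__":
    for step, outcome in simulate().items():
        print(f"{step}: {outcome}")
```

Two design points are worth noting: the store hashes cookie values so that a read of the session table does not hand out live bearer tokens, and revocation is a state change on the server, which is the only place a stolen cookie can actually be made worthless. Checking a leaked-cookie feed only helps if every authenticated request goes through a lookup like `authorize` above; an application that trusts a signed cookie without consulting server-side state has nothing to revoke.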

"Monitoring and managing compromised session cookies remains a significant blind spot across the industry," highlighted Jason Haddix, Field CISO at Flare. "Account and session takeover attacks are costing organizations tens of millions of dollars annually, and yet security teams are not taking the threat seriously enough - over 40% of corporate security teams don't terminate active sessions in response to corporate security incidents."

Nick Ascoli, Director of Product Strategy at Flare, stated, "There is a significant need for security teams to improve or augment their detection and response strategies, and shift to proactively identifying, monitoring, and remediating exposed sessions before they can be exploited. With Flare ASTP, security teams have access to a combination of existing leaked credentials API alongside the new 'Cookie Jar' API, to help them effectively identify compromised user accounts and sessions and stop these threats."
