eBook: 4 Tactics Cyberattackers are Starting to Employ in Account Take Over Attacks
Account Takeover Demo 3 - Appearing Better – Using Fake Accounts to Improve Reputation
VP of Marketing
Attackers have started registering and using fake, ‘canary,’ accounts to build up the reputation of the IP addresses they plan to use in account takeover attacks. These accounts give an attacker a window into the site or service they are targeting and help them make vital adjustments that drastically improve the overall effectiveness of their attacks.
This demo shows a large scale attack that is using tens of thousands of IPs to attempt to login to the accounts of thousands of users. Much of the attack traffic comes from fake accounts. The attacker is using these accounts to help them figure out the site’s blacklists, rate limiting rules, and IP reputation policies to help them stay below thresholds and off the radar. Ultimately, if Castle hadn’t been there, this attack would have successfully used the credentials of more than 1600 users to login and steal sensitive data, transfer money, or disrupt services.