For years, Hollywood has made money on stories where the main characters go through all kinds of difficulties because someone steals their identity. In these films, the hero or victim whose identity is stolen often ends up with an empty bank account and overwhelming debt. One of the best-known comic examples is the film Identity Thief (2013).
Even though we may find the film funny to varying degrees, the truth is that no one wants to have to face this situation in real life.
Advances in Cyber Threat Intelligence technologies make it harder for cybercriminals to gain access to stolen bank accounts in order to work their mischief and commit fraud, but they don’t stop them. Examples of the techniques these technologies use are taking down phishing portals, building lists of malicious domains, etc. Essentially, Cyber Threat Intelligence is fully focused on detecting and analyzing threats in order to mitigate them as soon as possible and with as little impact as possible.
Unfortunately, the Internet keeps growing, and focusing security efforts exclusively on eliminating threats at their root is becoming more and more complex. This is one of the reasons that cybercriminals always seem to be one step ahead.
Moreover, cybercriminals invest large amounts of money in optimizing their Tactics, Techniques and Procedures (TTPs). In fact, thanks to this investment in innovation, they find and learn new ways to overcome the barriers and obstacles deployed by old cyber security models based on the detection of static threats.
It is precisely this study of Tactics, Techniques and Procedures that is the source of a new threat we don’t hear much about, but which is silently advancing in sectors as diverse as healthcare and retail. We are talking about Account Takeover (ATO), which of course also affects the online banking sector in a major way.
This time we aren’t going to go into technical details, in case you don't speak Hacker.
The goal of an ATO is to take control of a user’s online banking. To achieve this, the attacker deploys a series of well-known tactics such as phishing, malware, fraudulent phone calls, keyloggers, etc. Sometimes the victim may not even be aware they have been compromised, because they have been infected without realizing it; one example is the case of Remote Access Trojans.
Once the cybercriminal gets the account credentials, they access the account and mask their activities so that the bank and the victim take as long as possible to realize it. The cybercriminal may even use the stolen account credentials to modify the two-factor authentication settings and keep control longer.
There are several clear recommendations for users that can help prevent this type of attack: