WebsiteGear Logo Log In
New User? Sign Up
About | Contact | FAQ
  Home News Website Related Website Development Tuesday, July 14, 2026 
Add Press Release News | News Feeds Feeds | Email This News Email


Castle Unveils Four Account Takeover Tactics Cyberattackers are Using to Successfully Exploit Users
Thursday, December 19, 2019

"Evolution of Attacks on Online Users" eBook Details Attack Strategies and Tips for Improving Defenses

SAN FRANCISCO, Dec. 12, 2019 /PRNewswire/ -- Castle, the user-centric account security company, today announced the availability of Evolution of Attacks on Online Users eBook. The eBook provides research that illustrates four new tactics cyberattackers are using to successfully take over accounts and exploit users. Castle is continuously researching attacks to improve threat modeling for attack detection and prevention.

Stolen credentials have been linked to some of the largest and most costly data breaches to date, including Equifax and Yahoo, which affected almost half of the US Population. Despite the success of these attacks, attackers continue to search for ways to improve success by tricking security tools to avoid detection.

Traditional success rates of account takeover attacks have been approximately .1%, but over the past year, Castle has discovered new trends in attack patterns with success rates as high as 20-30% in finding valid credentials. The company's research team was analyzing malicious login attempts of 100 million+ worldwide user accounts when it discovered this massive increase for some of its customers. Through its investigations and data analysis, the company identified four new trends in account takeover. Following are the tactics we found attackers are using to improve their success rates as they target user accounts.

    --  Appear Larger - Use More Users, More IPs: The eBook details a real-life
        example where an attacker used 60,000 IPs in 210 countries to complete
        700,000 login attempts in over 10 hours. Although the site saw upticks
        in failed logins over the course of the attack, three failed login
        attempts per hour, per IP didn't raise much suspicion in isolation.
        Ultimately, the attacker got more than 700 validated credentials, which
        they could use to perpetrate an attack.
    --  Appear Local - Use Local IPs: As attackers attempt to emulate as many
        users as possible to blend in, they also want users to appear to be
        coming from countries and locations that won't raise any suspicion. The
        eBook illustrates an attack where the attacker used 1000 IPs, from
        multiple data centers across the U.S. to complete 650K login attempts
        over a 10-hour period without increasing any suspicion.
    --  Appear Better - Use Fake Accounts to Improve Reputation: Attackers
        understand the importance of trust - if an attackers can gain trust,
        they have a better chance of success. In order to establish trust,
        attackers are registering fake, 'canary,' accounts to try to build up
        the reputation of the IPs they plan to use in their attack. The eBook
        provides an example of where an attacker used 6000 fake accounts to
        perform 30K each logins during the course of an attack, meaning that
        each account was logging in every three seconds to keep their
        reputation.
    --  Appear Legitimate - Use Registration and Password Resets: To reduce the
        amount of attempts attackers need to validate their credentials, they
        are exploiting UX features on sites that are meant to make it easier for
        users, including password resets and registration forms. By using
        password resets and registration forms, attackers can quickly identify
        legitimate email addresses which greatly reduces the number that they
        need to keep and try when validating credentials.

"As attackers become more sophisticated, it's our responsibility to conduct the research needed to stay ahead of them," said Johan Brissmyr, co-founder and CEO of Castle. "Detecting new attack trends early on is critical in maintaining both security and user experience which could impact a company's bottom line. Fortunately we discovered these attacks early and kept our customers and their user's accounts protected."

The "Evolution of Attacks on Online Users" eBook also provides tips for companies to improve defenses including implementing IP rules and blacklisting as well as a list of helpful resources and tools. For more information, please see the full eBook here.

About Castle

Castle helps businesses keep their customers' online accounts safe from human-powered account takeovers, automated credential stuffing, risky user transactions and other attacks impersonating users. Castle's user-centric approach to account security allows organizations to fully automate threat response and account recovery in real-time with risk-based authentication, granular access policies, and custom workflows for end-to-end account recovery. Unlike traditional solutions, Castle gives users the ability to actively participate in their own account security to keep safe. Castle has also removed complexity for security teams with an easy-to-use, fully automated and developer-friendly solution that enables strong security and keeps user satisfaction at the forefront. Castle is headquartered in San Francisco, CA with offices in Malmo, Sweden and Krakow, Poland.

View original content to download multimedia:http://www.prnewswire.com/news-releases/castle-unveils-four-account-takeover-tactics-cyberattackers-are-using-to-successfully-exploit-users-300974134.html

SOURCE Castle, Inc.



Email This News Email | Submit To Slashdot Slashdot | Submit To Digg.com Digg | Submit To del.icio.us Del.icio.us | News Feeds Feeds

RELATED NEWS ARTICLES
Nav Asetek - Mandatory Notification of Trade | Jan 22, 2026
Nav Tomorrowland Brings the Magic to Shanghai for a Spectacular First Indoor Edition in China | Jan 22, 2026
Nav BC.GAME to Host "Stay Untamed" Night During Abu Dhabi's Packed Web3 Summit Week | Jan 22, 2026
Nav Rent Manager Earned Best Real Estate Software Product Award and Multiple Review Badges from G2 Platform | Jan 22, 2026
Nav Auburn University's Applied Research Institute Expands Advanced Manufacturing Capabilities with CF3D Enterprise Cell | Jan 22, 2026
Nav California Divorce Mediation Center Unveils Modern Website Redesign | Jan 22, 2026
Nav AMPERA ANNOUNCES LOCATION FOR GLOBAL HEADQUARTERS | Jan 22, 2026
Nav Gemmy Alerts Customers: Fake Websites Target Holiday Decorators | Jan 22, 2026
Nav Culture and tourism sectors thrive in Xiamen | Jan 22, 2026
Nav Immutable Announces First Co-Founder-Hosted Live Webinar: How to Dominate Your Steam Launch | Jan 22, 2026
NEWS SEARCH

FEATURED NEWS | POPULAR NEWS
Submit News | View More News View More News