How Distributed Account Takeover Attacks Knockout Online Businesses

Intent Behind Account Takeovers

Analysis of Distributed Account Takeover Attacks

Attack Description

Recommendations: How Enterprises Can Shore Up Their Security Against ATO Attempts

  • Constantly monitor traffic sources and restrict login attempts per session/user/IP address/device.
  • Develop competencies to detect automated behavioral patterns of users and deploy systems that can detect the intent of automated traffic distributed across multiple sessions and sources.
  • Building an accurate bot detection engine is a tightrope act. If you try to eliminate false negatives, you end up with few false positives — and vice versa. Lack of historical labeled data is one of the major concerns for an accurate detection system. The best approach for an organization that is trying to build an ML-powered automated bot management solution, is to create a closed-loop feedback system that dynamically improves the machine-learning models based on signals collected directly from end-users’ behaviors.
  • Monitor and restrict social media login. Ensure that users have unique passwords, and educate users about password re-use to prevent credential stuffing and credential cracking attempts.



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Radware Bot Manager

Radware Bot Manager


Radware Bot Manager(formerly ShieldSquare) is a non-intrusive API-based Bot Management solution to manage bot traffic from website and app.