"Dormant Accounts Are a Low-Hanging Fruit for Attackers"

According to Oort, zero-day flaws are no longer required for successful system attacks, as threat actors increasingly focus on compromising identities through techniques such as evading multi-factor authentication (MFA), hijacking sessions, and brute-forcing passwords. In the past year, account takeover (ATO) made up the most successful breaches. Matt Caulfield, CEO of Oort, explains that this finding indicates how simple organizations make it for attackers to target their identities and execute effective ATO attacks. Identity and Access Management (IAM) and security teams lack the necessary visibility and control to identify these risks, leaving them blind to the most common threats they are expected to face, including ATO. Oort reports that 40.26 percent of accounts in the average company have either poor second factors or none at all, leaving them open to phishing and social engineering attacks. Additionally, only 1.82 percent of all logins used phishing-resistant second factors. The absence of robust MFA adoption has consequences not only for potential ATO attacks, but also for regulatory compliance, citing a number of compliance frameworks with MFA requirements. The analysis reveals that the accounts most frequently targeted are either inactive or those belonging to CEOs and administrators. Dormant accounts are the easiest target for attackers, yet they make up 24.15 percent of all accounts in the average organization. This article continues to discuss key findings shared by Oort on the use of weak second factors by companies, the rise in dormant accounts, and MFA adoption. 

Help Net Security reports "Dormant Accounts Are a Low-Hanging Fruit for Attackers"