Account Compromises

According to 2024 statistics, the United States is one of the top countries for account compromises, also known as account takeovers (ATOs). Microsoft and Amazon are among the top five domain sources for these attacks. The industries targeted and impacted are spread relatively evenly across the board. The NJCCIC continues to receive reports of compromised accounts belonging to New Jersey residents, businesses, and local governments. These reported compromised accounts include email accounts, social media platforms, bank accounts, cryptocurrency wallets, and utility company accounts.
One of the ways threat actors compromise accounts is by using information from data breaches to target potential victims with social engineering tactics. Threat actors convince their targets to take an action, divulge sensitive information, or inadvertently install malware, which gives the threat actors unauthorized access to legitimate user accounts. Besides phishing campaigns, threat actors increasingly exploit mobile devices and their apps in mishing (mobile phishing) attacks to compromise accounts, infiltrate networks, and steal data. Mobile platforms expose unique features and vulnerabilities, including text messages, voice calls, and QR codes. Mishing is a growing threat to individuals and organizations, as evident in recent SMiShing, vishing, and quishing campaigns. The prevalence of mishing is due to increased mobile usage, the expanded attack surface created by remote work on personal devices, extensive access to sensitive information from those devices, and little or no security protection on them.
Once an account is compromised, threat actors impersonate the victim to conduct further malicious activity, such as changing account information, sending communications on the victim's behalf, transferring funds, installing malware, exfiltrating data, and more. On average, threat actors can move from initial compromise to privilege escalation to lateral movement in under an hour, and achieving the objectives of a full targeted attack can take four hours and 29 minutes. These timeframes are concerning because users and administrators typically take longer than that to identify and remediate a compromise.