[ISN] Google: Manual Account Hijacks Much More Dangerous Than Bot Takeovers

http://www.darkreading.com/attacks-breaches/google-manual-account-hijacks-much-more-dangerous-than-bot-takeovers/d/d-id/1317301 By Jai Vijayan Dark Reading 11/6/2014 Targeted attacks are less common but cause more problems and financial losses for victims than nontargeted mass account takeovers, a new report from Google says. Most online account hijacking capers are carried out using automated bots, but not all. In fact, some of the most effective and damaging heists result from targeted, carefully staged, manual attacks, a new study by Google shows. Researchers at the search company recently reviewed manual account hijacking incidents involving users of various Google services from 2011 to 2014. For the study, the researchers looked at how criminals acquired a victim’s login credentials to take over an account and how they attempted to exploit and monetize that access. For the purposes of the study, the researchers defined a manual hijack as an incident where an attacker spends considerable time exploiting a single victim’s account for financial gain. They discovered that such incidents are extremely rare. In fact, over the period of the study, the researchers observed an average of just nine incidents of manual account hijackings per million Google users per day. […]