Account Takeover (ATO) attacks have been a significant concern in Indonesia, particularly in the context of digital services and cybersecurity. Here are some key points related to ATO attacks in Indonesia:
- Ransomware Attack on PDNS: In June 2024, Indonesia’s Temporary National Data Center (PDNS) experienced a ransomware attack, which disrupted various digital public services, including immigration. The hacking group demanded an $8 million ransom, which the government refused to pay.
- Indonesian consumers are affected by ATOs. A survey by Sift showed that 24% of consumers have been victims of ATO in the past year, up from 18% in 2023. This highlights the need for both consumers and businesses to prioritize account security.
- Biometrics Breach: Although not directly related to ATO, there was a biometrics breach involving the Indonesian Automated Fingerprint Identification System (INAFIS). The leaked data was determined to be old and unrelated to the PDNS hack, but it underscores the broader issue of data security in Indonesia.
Aside from that, account takeover attacks have been increasing across all nations. In Q2 2024, the average ATO attack rate saw a significant 24% increase across the Sift Global Network, rising from 2.9% to 3.6% compared to the same period in 2023. This trend underscores the persistent and growing threat of ATOs worldwide.
Which Industries Are Affected?
Account Takeover (ATO) attacks pose a significant risk across various industries, particularly those that handle sensitive information or facilitate online transactions. Here are the most vulnerable sectors:
- E-commerce and Retail: E-commerce platforms often store customer payment information, making them attractive targets for fraudsters. Over 80% of login attempts in this sector raise suspicion, indicating a high volume of malicious activity. Once an account is compromised, attackers can quickly make unauthorized purchases or drain funds.
- Financial Services and Fintech: Banks and fintech companies are prime targets due to the direct access to funds they provide. The financial sector has experienced a significant increase in ATO attacks, with one report indicating a 72% rise over the past year. Attackers aim not only to steal money but also sensitive data for identity theft and money laundering.
- Online Gaming and Gambling: Gaming accounts often hold substantial virtual assets, making them appealing to cybercriminals. Players may have large balances that can be easily exploited once an account is taken over. The social aspect of these platforms can facilitate phishing and malware distribution among users.
- Healthcare: As medical devices become more interconnected, the risk of ATO attacks increases, making this sector particularly vulnerable. Healthcare accounts contain valuable personal information, including medical records and billing details, which can be sold on the dark web or used for identity theft.
- Cloud Storage Services: Cloud accounts often hold critical documents and personal data. Accessing these accounts allows attackers to compromise sensitive information that can lead to further fraud or data breaches.
- Social Media: Social media accounts are targeted for the wealth of personal information they contain, which can be used for identity theft or to launch further phishing attacks against contacts.
While all industries are at risk of ATO attacks, those involved in e-commerce, financial services, online gaming, healthcare, cloud storage, and social media face heightened vulnerabilities due to the nature of their operations and the sensitive data they manage. As cybercriminals continue to evolve their tactics, these sectors must prioritize robust security measures to protect against ATO threats. One solution to this problem is ASLI PASS.
Introducing ASLI PASS
ASLI PASS is a next-level verification and authentication system that enhances both user experience and identity protection, effectively preventing account takeover attempts. It increases security, reduces cost, and enhances customer experience by combining one of the most accurate biometric technologies, enabling a seamless and secure digital process. ASLI PASS uses standard public key cryptography techniques to provide stronger authentication. During registration with an online service, the user’s client device creates a new key pair. It retains the private key and registers the public key with the online service. This system is built with three main technologies: Selfie Verification, Liveness Detection, and Key Authentication.
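The key registration described above, together with a login step that checks the registered key, as an added example that is not ASLI PASS code. It assumes Ed25519 keys and a single-use random challenge, neither of which the page specifies; the class names and the user id `user-1` are hypothetical.

```javascript
// Added illustration, not ASLI PASS code. Assumed: Ed25519 keys and a
// single-use random challenge at login; names and 'user-1' are constructed.
const crypto = require('node:crypto');

// Client device: creates the key pair and keeps the private key local.
class Device {
  constructor() {
    const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
    this.privateKey = privateKey;
    this.publicKeyPem = publicKey.export({ type: 'spki', format: 'pem' });
  }
  sign(challenge) { return crypto.sign(null, challenge, this.privateKey); }
}

// Online service: stores public keys only, so its database holds no login secret.
class Service {
  constructor() {
    this.publicKeys = new Map(); // user -> registered public key (PEM)
    this.pending = new Map();    // user -> outstanding challenge
  }
  register(user, publicKeyPem) { this.publicKeys.set(user, publicKeyPem); }
  startLogin(user) {
    const challenge = crypto.randomBytes(32);
    this.pending.set(user, challenge);
    return challenge;
  }
  finishLogin(user, signature) {
    const challenge = this.pending.get(user);
    const pem = this.publicKeys.get(user);
    this.pending.delete(user);   // each challenge is accepted at most once
    if (!challenge || !pem) return false;
    return crypto.verify(null, challenge, crypto.createPublicKey(pem), signature);
  }
}

function demo() {
  const service = new Service();
  const phone = new Device();
  service.register('user-1', phone.publicKeyPem);
  const sig = phone.sign(service.startLogin('user-1'));
  const genuine = service.finishLogin('user-1', sig);
  service.startLogin('user-1');  // a fresh challenge invalidates the captured signature
  const replayed = service.finishLogin('user-1', sig);
  const other = new Device();    // a device whose key was never registered
  const wrongKey = service.finishLogin('user-1', other.sign(service.startLogin('user-1')));
  return { genuine, replayed, wrongKey };
}
```

Only the registered device passes; a captured signature replayed against a new challenge and a signature from an unregistered key are both rejected.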
Preventing ATO attacks can be challenging and consumes a lot of time, effort, and budget. However, with ASLI PASS, it is possible to achieve this once you implement it in your business process, allowing our technology to safeguard every online access and transaction. Contact us now to learn more about how ASLI PASS can help secure your business and customers by sending an inquiry through www.asliri.id/contact.
Last modified: October 7, 2024