Report illustrates importance of Flare's recently released Account and Session Takeover Prevention (ASTP)

Flare, the global leader in Threat Exposure Management, has published a new report that highlights the significant costs and widespread impact of compromised end user accounts from account and session takeover attacks.

Session hijacking has emerged as the preeminent way for cybercriminals to execute account takeover attacks - enabling attackers to bypass traditional and widely used security measures such as multi-factor authentication. Session cookies have become particularly valuable to attackers because they allow them to bypass authentication entirely. By pairing these cookies with other artifacts from stealer logs, and using tools like VPNs and anti-detect browsers, attackers can easily execute session takeovers.

In its report, "The Account and Session Takeover Economy: Defining Exposure, Costs, and Impact of Compromised End User Accounts", the Flare team explores the prevalence of session hijacking across a number of industries, highlighting its increasing role in account takeover incidents and the economic impact for organizations.

Through their research and data collection efforts over approximately four years, Flare has uncovered that:

- The number of exposed accounts is growing at an average of 28% annually
  - Fintech represents the highest annual growth rate at 32%
- There is significant economic impact for organizations on a number of fronts, including:
  - Labor costs for security investigations
  - Fraud losses from account takeovers
  - Lost revenue each year through customer churn
- Exposure rates vary by industry, with the highest numbers of average monthly compromised sessions occurring in:
  - Social media (462,000/month)
  - Cloud applications (239,000/month)
  - Entertainment platforms (140,000/month)



The report illustrates the urgent need for proactive account takeover prevention strategies, emphasizing the role of automated identity intelligence, session re-authentication policies, and early exposure detection in mitigating the risks associated with session hijacking.

In response, Flare has recently introduced Flare Account and Session Takeover Prevention (ASTP), which is designed to help large consumer SaaS web applications prevent the takeover of customer accounts.

Flare ASTP tackles the challenges faced by organizations by collecting and maintaining a world-class dataset of leaked credentials and active session cookies. Organizations can easily access and operationalize this data via API, enabling them to quickly revoke active sessions, proactively combat fraud, and strengthen the security of their users. Flare ASTP fills a critical gap in ATO prevention by addressing the threat posed by stolen cookie sessions, which has become the path of least resistance for cybercriminals to take over accounts.

"Monitoring and managing compromised session cookies remains a significant blind spot across the industry," said Jason Haddix, Field CISO at Flare. "Account and session takeover attacks are costing organizations tens of millions of dollars annually, and yet security teams are not taking the threat seriously enough - over 40% of corporate security teams don't terminate active sessions in response to corporate security incidents."

"There is a significant need for security teams to improve or augment their detection and response strategies, and shift to proactively identifying, monitoring, and remediating exposed sessions before they can be exploited," said Nick Ascoli, Director of Product Strategy at Flare. "With Flare ASTP, security teams have access to a combination of existing leaked credentials API alongside the new "Cookie Jar" API, to help them effectively identify compromised user accounts and sessions and stop these threats."

Visit the Flare website to learn more about Flare ASTP, and download Flare's recent report, "The Account and Session Takeover Economy", to read more about the organizational impact of account takeover attacks.

About Flare

Flare is the leader in Threat Exposure Management, helping organizations of all sizes detect high-risk exposures found on the clear and dark web. Combining the industry's best cybercrime database with a ridiculously intuitive user experience, Flare enables customers to reclaim the information advantage and get ahead of threat actors. For more information, visit https://flare.io.

