Account Takeover
high
account-takeover
Attacker gains control of user accounts through credential stuffing, phishing, or session hijacking
Spoofing, Elevation of Privilege
MITRE ATT&CK techniques
| ID | Name | Tactic |
|---|---|---|
| T1078 | Valid Accounts | Defense Evasion |
| T1110 | Brute Force | Credential Access |
Common Weakness Enumeration
Mitigating controls
- ctrl-takeover-1: Enforce multi-factor authentication (MFA)
- ctrl-takeover-2: Implement adaptive authentication based on risk signals
- ctrl-takeover-3: Monitor for suspicious login patterns
- ctrl-takeover-4: Implement account lockout and notification policies
- ctrl-takeover-5: Check credentials against known breach databases