Compromised accounts are now detected based on a combination of multiple login parameters.
Attackers using a compromised corporate account for their malicious activities have taken evading detection to the next level.
After incorporating a number of new detections looking at a single login parameter (country, IP address, etc.), Avanan now includes a brand new AI engine designed to inspect all the parameters of login events to pinpoint those that are done by malicious actors.
The parameter list is dynamic and ever-growing, and includes the IP address, browser and browser version, device, VPN brand and many more.
Login events detected by this new engine will flag their corresponding users as compromised (Critical Anomalies).
If you already enabled automatic blocking of compromised accounts, these users will also be blocked automatically.
If you haven’t, you should consider it.