The rise of account takeover
- 4. The rising risk of the digital world
Account takeover (ATO) is only one of these risks, but it is rising rapidly.
Everything is correlated:
scams and fraud follow an account takeover.
- 6. The rising risk of the digital world
Losses from ATO-driven digital transaction fraud are forecast to reach US$25.6B by 2020.
Reference: Juniper Research
- 8. The rising risk of the digital world
550B documents on the dark web, many of them from breaches.
Reference: Trend Micro
- 10. What is Account Takeover (ATO)?
An attacker steals a customer's PII or credentials and uses them to access the customer's existing account.
- 12. Attackers do this (in stages: each stage is the attacker's answer to a defense the previous stage ran into)
Credentials:
Darkweb
Social engineering
Search and download breach dumps
Spray:
Spray the stolen credentials against the target site
Anti-detection (defense -> attacker's workaround):
Rate limit -> Botnet
Bot detection -> Run with a browser automation tool
Captcha -> Captcha bypass tools
IP reputation list -> Cloud service IPs
Single request:
Send only a few requests per IP
- 14. Attackers do this
Captcha bypass tools
Hard way:
Find an insecure captcha, e.g. https://github.com/ecthros/uncaptcha2
Easy way:
https://anti-captcha.com
… and many similar services
- 19. Now that we know about ATO...
We know the risk, so ...
TAKE ACTION!!
- 20. Before we TAKE ACTION!
Everything is correlated.
Responsibility is shared between us.
We Do + You Do = Make It Perfect
- 21. TAKE ACTION!
We Do
Prevention techniques
✅ Rate limit
✅ Botnet detection
✅ Captcha
✅ Customizable blacklist
✅ Threat intelligence
- 22. TAKE ACTION!
We Do
Login protection
✅ Default 2FA
✅ New IP authorization
✅ Device binding
✅ Auto lock
Behavioral rules
✅ Based on context
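The two slides above list the controls on the service side (rate limit, new IP authorization, auto lock, context-based behavioral rules), and slide 12 shows why a per-IP rate limit alone is not enough: a spray that sends only a few requests per IP from a botnet never trips it. The following is an added example (not code from the talk) of a small login guard that combines these controls and exposes the low-and-slow spray by counting distinct accounts failing across all IPs. It is Python written for this page; the thresholds, the `LoginGuard` class, the decision strings and the login events in `run_scenario` are all assumptions constructed for illustration.

```python
"""Added example: a login guard combining the controls from the talk.

Decisions: "allow", "challenge" (step up to 2FA / new-IP authorization),
"deny" (bad password), "locked" (auto lock), "rate_limited" (per-IP limit).
"""
from collections import defaultdict, deque

# Thresholds are assumptions for the example, not values from the talk.
WINDOW = 300.0           # seconds of history each counter keeps
IP_RATE_LIMIT = 5        # failures per IP per window before the IP is rate-limited
ACCOUNT_LOCK_FAILS = 3   # failures per account per window before auto lock
SPRAY_ACCOUNTS = 10      # distinct accounts failing per window => spray in progress


class LoginGuard:
    def __init__(self, known_ips):
        self.known_ips = {u: set(ips) for u, ips in known_ips.items()}
        self.ip_fails = defaultdict(deque)    # ip -> failure timestamps
        self.user_fails = defaultdict(deque)  # user -> failure timestamps
        self.spray_fails = deque()            # (ts, user) for every failure, all IPs
        self.locked = {}                      # user -> lock expiry timestamp

    @staticmethod
    def _trim(dq, now, key=lambda x: x):
        while dq and now - key(dq[0]) > WINDOW:
            dq.popleft()

    def spray_in_progress(self, now):
        """Low-and-slow spray: few failures per IP, but many accounts overall."""
        self._trim(self.spray_fails, now, key=lambda e: e[0])
        return len({u for _, u in self.spray_fails}) >= SPRAY_ACCOUNTS

    def authorize_ip(self, user, ip):
        """Called after the user completes the new-IP challenge (e.g. 2FA)."""
        self.known_ips.setdefault(user, set()).add(ip)

    def check(self, ts, user, ip, password_ok):
        self._trim(self.ip_fails[ip], ts)
        self._trim(self.user_fails[user], ts)
        if self.locked.get(user, 0) > ts:          # auto lock
            return "locked"
        if len(self.ip_fails[ip]) >= IP_RATE_LIMIT:  # per-IP rate limit
            return "rate_limited"
        if not password_ok:
            self.ip_fails[ip].append(ts)
            self.user_fails[user].append(ts)
            self.spray_fails.append((ts, user))
            if len(self.user_fails[user]) >= ACCOUNT_LOCK_FAILS:
                self.locked[user] = ts + WINDOW
                return "locked"
            return "deny"
        # Correct password: context rules decide whether that is enough.
        new_ip = ip not in self.known_ips.get(user, set())
        if new_ip or self.spray_in_progress(ts):
            return "challenge"
        return "allow"


def run_scenario():
    """Constructed login events; returns the guard's decisions for checking."""
    guard = LoginGuard({"alice": {"203.0.113.10"}})
    out = {}
    out["alice_quiet"] = guard.check(0.0, "alice", "203.0.113.10", True)
    # 1. Low-and-slow spray: one failure per account, each from a fresh IP.
    out["spray_attempts"] = [
        guard.check(10.0 * i, f"user{i:02d}", f"198.51.100.{i}", False)
        for i in range(12)
    ]
    out["spray_detected"] = guard.spray_in_progress(120.0)
    # 2. A genuine login during the spray is stepped up, not blocked.
    out["alice_during_spray"] = guard.check(125.0, "alice", "203.0.113.10", True)
    # 3. One IP hammering one account trips the auto lock.
    out["brute"] = [guard.check(1000.0 + i, "bob", "192.0.2.5", False)
                    for i in range(6)]
    # 4. One IP spraying several accounts trips the per-IP rate limit.
    out["noisy"] = [guard.check(2000.0 + i, f"victim{i}", "192.0.2.7", False)
                    for i in range(6)]
    # 5. New IP authorization: challenge first, allow once the IP is authorized.
    out["alice_new_ip"] = guard.check(3000.0, "alice", "198.51.100.99", True)
    guard.authorize_ip("alice", "198.51.100.99")
    out["alice_after_authorize"] = guard.check(3001.0, "alice", "198.51.100.99", True)
    return out


if __name__ == "__main__":
    for name, value in run_scenario().items():
        print(f"{name}: {value}")
```

Two caveats a practitioner would add: the cross-account counter is what catches the "few requests per IP" stage of slide 12, since the per-IP limit never fires there; and an auto lock keyed on the username lets an attacker lock real users out on purpose, so keep the lock short and prefer a step-up challenge over a hard lock for accounts that have 2FA.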
- 25. TAKE ACTION!
You Do
Personal account management
✅ Use a password manager
✅ Set up breach alerts (Firefox Monitor)
✅ Enable 2FA on critical services
- 26. TAKE ACTION!
You Do
Be aware of social engineering
💀 Phishing mail
💀 Phishing website
💀 Phishing instant message
💀 Malware disguised as legitimate software
- 27. TAKE ACTION!
You Do
Choose a good vendor
✅ They should tell you how to protect yourself
✅ Provides security features
✅ Provides a security guide
✅ Provides strong 2FA: https://twofactorauth.org/#email
Editor's Notes
- https://vimeo.com/308709275
https://haveibeenpwned.com/
https://monitor.firefox.com/
https://twofactorauth.org/#email
- Before we start, I'd like to know how many people here have heard the term Account takeover
Of course what everyone cares about most is having their own assets stolen
Next let me show you some numbers
- The number of ATO victims grows by 31% every year
- Digital transaction losses will reach 25.6B because of ATO
- Recently there was also the Instagram leak, and a few days ago iPhones were showing other people's personal data
- There are also 550B documents on the dark web, and these individual documents also contain a large number of breaches
- Next let's look at how these attackers do it
- For hackers
- Why it is shown as an arrow: because there are stages; once an attack is discovered the defenders start to evolve, and of course so do the attackers
Many tools can be found for Password Spray
- The full package costs only 3 EUR
- Uncaptcha2 uses speech recognition to bypass the audio reCAPTCHA
- Attacks on the scale of millions to tens of millions
- https://vimeo.com/308709275
- Continuing from what was said earlier, everything is correlated
Quick survey: how many people here normally use a password manager? How many use 2FA on their own mail?
- Some ISP-provided mail services do not support 2FA