Digital Asset Security
The Rise of Account Takeover
The Rise of Account Takeover - Risks to Digital Identity and How to Protect It
4ndersonLin
Whois
I am Anderson
MaiCoin Security Engineer
Too many interests
Agenda
➔ Introduction to the risk
➔ Know the ATO
➔ Actions
➔ Conclusions
The rising risk of the digital world
Account takeover (ATO) is only one of these risks, but it is rising rapidly
Everything is in correlation
Scams and fraud follow
The rising risk of the digital world
31% increase
Year over year
The rising risk of the digital world
Reaching $25.6B by
2020
Reference: Juniper research
Large Scale Breach
Reference: Jimio research
The rising risk of the digital world
550B documents on the
dark web
Reference: Trend Micro
Account Takeover
What is Account Takeover (ATO)?
Bad guys steal a customer’s PII or credentials to access their existing
account.
Attacker side
Attackers do this
Credentials
Darkweb
Social engineering
Search and download
Spray
Spray the target site
Anti-Detection
Rate limit -> Botnet
Bot -> Run with browser automation tool
Captcha -> Bypass captcha tools
Reputation list -> Cloud service
Single request
Send few requests per IP
Attackers do this:
Breach
Attackers do this
Bypass tools
Hard way:
Find insecure captcha
https://github.com/ecthros/uncaptcha2
Easy way:
https://anti-captcha.com
… lots of services
In The Wild
The real world
Real world
Attack map
Real world
Phishing tool bypasses Google 2FA
After we know the ATO
After we know the ATO...
We know the risk and ...
TAKE ACTION!!
Before we TAKE ACTION!
Everything is in correlation.
Responsibility between us.
We Do + You Do = Make It Perfect
We Do / You Do
TAKE ACTION!
We Do
The prevention techs
✅ Rate limit
✅ Botnet detection
✅ Captcha
✅ Customize blacklist
✅ Threat intelligence
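An added example, not from the slides or MaiCoin's own code: a defender-side check in Python that applies the per-IP rate limit from the list above and also correlates failures across IPs and accounts, so a spray that keeps to a few requests per IP still surfaces. The log format, thresholds and sample lines are constructed assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample login log (not real data): "<ISO time> <source ip> <account> <result>".
# Eight accounts fail once each from eight different IPs inside 44 seconds:
# no single IP trips a per-IP limit, but the aggregate is a spray.
SAMPLE_LOG = """\
2019-03-01T10:00:00 198.51.100.10 alice FAIL
2019-03-01T10:00:05 198.51.100.11 bob FAIL
2019-03-01T10:00:09 198.51.100.12 carol FAIL
2019-03-01T10:00:14 198.51.100.13 dave FAIL
2019-03-01T10:00:20 198.51.100.14 erin FAIL
2019-03-01T10:00:25 198.51.100.15 frank FAIL
2019-03-01T10:00:31 198.51.100.16 grace FAIL
2019-03-01T10:00:40 198.51.100.17 heidi FAIL
2019-03-01T10:00:44 203.0.113.5 alice OK
2019-03-01T10:05:00 203.0.113.7 ivan FAIL
"""

WINDOW = timedelta(minutes=2)   # sliding window for both rules (assumed value)
PER_IP_LIMIT = 5                # classic rate limit: failures from one IP per window
SPRAY_ACCOUNTS = 6              # correlated rule: distinct accounts failing per window...
SPRAY_IPS = 4                   # ...spread over at least this many source IPs

def parse(line):
    ts, ip, account, result = line.split()
    return datetime.fromisoformat(ts), ip, account, result

def detect(log_text):
    """Return IPs over the per-IP limit and the accounts touched by a distributed spray."""
    events = (parse(l) for l in log_text.splitlines() if l.strip())
    fails = sorted(e for e in events if e[3] == "FAIL")
    noisy_ips, spray_accounts = set(), set()
    for start, *_ in fails:
        window = [f for f in fails if start <= f[0] < start + WINDOW]
        per_ip = Counter(f[1] for f in window)
        noisy_ips |= {ip for ip, n in per_ip.items() if n >= PER_IP_LIMIT}
        accounts = {f[2] for f in window}
        # Low-and-slow spray: many accounts across many IPs, each IP under the limit.
        if len(accounts) >= SPRAY_ACCOUNTS and len(per_ip) >= SPRAY_IPS:
            spray_accounts |= accounts
    return {"noisy_ips": noisy_ips, "spray": bool(spray_accounts),
            "spray_accounts": spray_accounts}

if __name__ == "__main__":
    print(detect(SAMPLE_LOG))
```

Accounts returned in `spray_accounts` are the natural candidates for a step-up check such as the 2FA and new-IP authorization listed on the next slides.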
TAKE ACTION!
We Do
Login protection
✅ Default 2FA
✅ New IP authorization
✅ Device binding
✅ Auto lock
Behavior rules
✅ Based on context
TAKE ACTION!
We Do
Test for breaches before the attacker does
TAKE ACTION!
We Do
Tell our customers what to do
MAX MaiCoin Medium
TAKE ACTION!
You Do
Personal account management
✅ Use a password manager
✅ Set up breach alerts (Firefox Monitor)
✅ Set up 2FA for critical services
TAKE ACTION!
You Do
Be aware of social engineering
💀 Phishing mail
💀 Phishing website
💀 Phishing instant message
💀 Malware as fake software
TAKE ACTION!
You Do
Choose a good vendor
✅ They should tell you how to protect yourself
✅ Provides security features
✅ Provides a security guide
✅ Provides strong 2FA: https://twofactorauth.org/#email
Conclusions
Conclusions
Understand the risk of ATO
Review the tools and real cases
How we protect our service
What you can do TODAY
What’s Next?
MaiCoin HQ
Facebook fan page
thanks!
Any questions?
You can find me at
anderson@maicoin.com
security@maicoin.com

Editor's Notes

  1. https://vimeo.com/308709275 https://haveibeenpwned.com/ https://monitor.firefox.com/ https://twofactorauth.org/#email
  2. Before we start, I want to know how many people here have heard the term "Account takeover". Of course, what everyone cares about most is having their assets stolen. Next, let's look at some numbers.
  3. Victims of ATO increase by 31% every year.
  4. Digital transaction losses due to ATO will reach 25.6B.
  5. Recently there was also the Instagram leak, and a few days ago iPhones were showing the wrong personal data.
  6. There are also 550B documents on the dark web, and these individual documents also contain a large number of breaches.
  7. Next, let's look at how these attackers do it.
  8. For hacker
  9. Why is it presented as an arrow? Because it happens in stages: once an attack is discovered, defenders start to evolve, and of course attackers do too. For password spray you can find many tools.
  10. The full kit costs only 3 EU.
  11. Uncaptcha2 uses speech recognition to bypass the audio reCAPTCHA.
  12. Million- to ten-million-level attack.
  13. https://vimeo.com/308709275
  14. Continuing from what was said earlier, everything is correlated. A quick survey: how many people here normally use a password manager? How many use 2FA on their own mail?
  15. Some ISP-provided mail services do not support 2FA.