Hourglass Model 2.0: Case Study of Southeast Asia Underground Services Abusing Global 2FA

Presented at Black Hat Asia 2018, March 22, 2018, 11:45 a.m. (60 minutes)

The presentation starts with the introduction of Hourglass Model 2.0, a research framework allowing researchers with limited access to underground marketplace to further collect security intelligence leads that can be used for both threat prevention and and mitigation plan development. To better understand how to utilise this model, the second part of this talk will use an on-going research on 2FA bypassing underground services based in Southeast Asia, as an example. Researchers took an unseen, underground advertisement and initiated serious research on threat actor profiles, tools, tactics, procedures, victims, and the overall underground market landscape. The presentation is designed to share what we have learned so far and provide early warnings to the security community.

Presenters:

• Anna Chung - Cyber Threat Researcher,
  Anna Chung is a cyber threat researcher who works at the crossroads of cyber threat intelligence, underground economics, and cross cultural communication analysis. Anna has a BA degree from Department of Diplomacy, National Chengchi University, and a Masters degree in International Communication from American University, Washington D.C.. With her social science background, Anna encourages people to tackle the security issue from none-technical perspectives, such as culture, economics, policy, and user behavior.

Links:

• https://www.blackhat.com/asia-18/briefings/schedule/#hourglass-model-20-case-study-of-southeast-asia-underground-services-abusing-global-2fa-9921
• https://www.youtube.com/watch?v=VMLUKmvffO8

Similar Presentations:

• The Last HOPE (2008) / No-Tech Hacking
• DEF CON 15 (2007) / No-Tech Hacking
• DEF CON 1 (1993) / The future of the underground