Beyond Takeover – Attacker’s in. Now what?

Presented at AppSec USA 2017, Sept. 22, 2017, 3:30 p.m. (45 minutes).

We have been conducting ongoing research on the dynamics of credential theft. Our intent was to learn about how accounts are being taken over once credentials are compromised through a Phishing campaign. It is a "victim's POV" approach to Phishing research that has not been taken to date. In our "beyond takeover" research, we maintained 57 fake identities through a period of 6 months in platforms well-known as phishing targets like Google and Facebook. We invited attackers in by admitting the credentials of these accounts to selected phishing campaigns and traced the activity of the attackers in the accounts. In this session, we will share our findings from this research. We will present takeover stories and some statistics for interesting questions. After falling into a phishing trap and giving one's password to a fake site, how long does is take until someone will actually get into his or her account for the first time? What does the attacker look for in the hacked account? Where do they look first and which decoys attract their attention? Which security practices do attackers use when sniffing out a hacked account (hiding their geo-location or covering their tr

Presenters:

  • Itsik Mantin - Director of Security Research - Imperva
    Mantin is a Director of Security Research at Imperva, leading research on cyber threats and innovative security technology. Over the last 17 years Mantin has been researching, innovating and problem solving in various security-related domains, including cyber threats on data systems, application security, DRM systems, automotive systems protection, and more. Significant portion of his work in the field was on the mathematical aspects of security - cryptography and cryptanalysis, statistical modeling of traffic patterns, anomaly detection mechanisms, fingerprinting and watermarking, and more. Mantin holds an M. Sc. in Applied Math and Computer Science from the Weizmann Institute.

Links:

Similar Presentations: