Anatomy of Account Takeover - Understanding Threats and Defenses

Explore the anatomy of account takeovers in this 17-minute conference talk from USENIX Enigma 2018. Delve into the ecosystem supporting credential theft, the dangers posed to users, and the importance of automatic, defense-in-depth risk detection systems. Learn about the likelihood of users falling victim to data breaches, phishing, or malware, and how hijackers exploit stolen credentials. Examine how identity providers can use risk analysis and login challenges to enhance security for password-only users. Discover the practical weaknesses of certain login challenges and the evolving tactics of attackers. Gain insights into ongoing challenges, including the disconnect between public opinion and necessary security measures, and discuss potential industry solutions to improve overall account security.

Syllabus

Intro
Online accounts are valuable targets
The three avenues of password theft
Commoditization of abuse
The wares on sale
Users reuse passwords
Hijacking likelihood* Compared to a general active account, how much more likely it is that you will be a victim of hacking if we know
Adoption of additional security is low
Sign-in risk detection
Dimensionality of risk
Geocloaking
Dynamic 2FA: Ask for additional verification
Choose the challenge that minimizes damage
Secondary e-mail verification
SMS code
Google Prompt
Hijacking monetization
Bringing the user into the loop
Finding the hijacker in-session