Automated Fraud

  1. Automated Fraud, June 28th 2017
  2. What are bots?
     ▪ Account takeover and abuse
     ▪ Price and content scraping
     ▪ DDOS
     ▪ Ad fraud
  3. Bot evolution: bots are evolving rapidly
     ▪ Gen 4 Bots - Infected Users: Hijacked Browsers, Fake Extensions
     ▪ Gen 3 Bots - Headless Browsers: Javascript, Cookies, Engine Automation
     ▪ Gen 2 Bots - Scripts + State: No Javascript, Cookies
     ▪ Gen 1 Bots - Scripts: No Javascript, No Cookies
  4. Websites are the new bank
  5. The Attack Vector
     ▪ Login databases stolen: Yahoo! 1B, MySpace 360M, LinkedIn 164M, Adobe 153M, Badoo 112M, VK 93M, Dropbox 69M, Tumblr 65M, Mod Bus Soln 59M
     ▪ 100K accounts / $10
     ▪ BOT ATTACK: ATO attack, 8% Success (varies based on database)
     ▪ Validated account ~$3
     ▪ BOT ATTACK: Site fraud
  6. They come in large numbers... Botnet Attack: 77% of this attack would go unnoticed by volumetric detection
  7. … and from everywhere: IoT Device Attack, Gen 2 Bots (No Javascript, Cookies)
  8. ROI
  9. How To Fight Back
  10. Basic techniques
      ▪ Support multi-factor-authentication
      ▪ Encrypt or hash stored credentials
      ▪ Have good password practices
      Don't be one of these guys: http://badpasswordpolicies.tumblr.com/
  11. Monitor correctly
      ▪ Separate API from website – different endpoint URL
      ▪ Monitor logins for anomalies and spikes
      ▪ Look up suspicious user-agents on GitHub (and not just Google): http://mstajbakhsh.github.io/Microbot/
  12. Detect
      ▪ Validate user is running javascript
      ▪ Validate a cookie
      ▪ Device fingerprint (https://github.com/Valve/fingerprintjs2)
      ▪ Track legitimate flow
  13. Recommended resources
      ▪ Have I been Pwned by Troy Hunt - https://haveibeenpwned.com/
      ▪ Biggest breaches - http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/
      ▪ Detection labs - https://github.com/PerimeterX/bot-tools
      ▪ Device Fingerprinting - https://github.com/Valve/fingerprintjs2
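
Slide 6's point about volumetric detection and slide 11's advice to monitor logins for anomalies and spikes, as an added example that is not part of the original deck: a per-IP attempt threshold compared with a site-wide failure-rate check over a constructed login log. The event layout, the thresholds and all function names are assumptions made for illustration.

```python
from collections import Counter, defaultdict

def build_events():
    """Constructed sample login log: (minute, source_ip, username, success)."""
    events = []
    # Normal traffic: 40 users spread over minutes 0-9, mostly successful.
    for i in range(40):
        events.append((i % 10, f"198.51.100.{i}", f"user{i}", i % 8 != 0))
    # Single noisy source: 30 failed attempts from one IP in minute 5.
    for i in range(30):
        events.append((5, "203.0.113.9", f"victim{i}", False))
    # Distributed botnet: 100 IPs, one attempt each in minute 6, 8% succeed.
    for i in range(100):
        events.append((6, f"192.0.2.{i}", f"victim{30 + i}", i % 13 == 0))
    return events

# Ground truth for the constructed sample (known only because we built it).
ATTACK_IPS = {"203.0.113.9"} | {f"192.0.2.{i}" for i in range(100)}

def volumetric_ips(events, max_per_ip=10):
    """Per-IP volumetric rule: flag sources with more than max_per_ip attempts."""
    counts = Counter(ip for _, ip, _, _ in events)
    return {ip for ip, n in counts.items() if n > max_per_ip}

def failure_spikes(events, baseline=0.15, factor=3, min_attempts=20):
    """Site-wide rule: minutes whose failure rate exceeds factor * baseline."""
    per_min = defaultdict(lambda: [0, 0])  # minute -> [attempts, failures]
    for minute, _, _, ok in events:
        per_min[minute][0] += 1
        per_min[minute][1] += not ok
    return sorted(m for m, (n, f) in per_min.items()
                  if n >= min_attempts and f / n > factor * baseline)

def missed_by_volumetric(events, attack_ips):
    """Share of attack attempts from IPs the per-IP rule never flags."""
    flagged = volumetric_ips(events)
    attack = [e for e in events if e[1] in attack_ips]
    return sum(e[1] not in flagged for e in attack) / len(attack)

if __name__ == "__main__":
    ev = build_events()
    print("per-IP flagged:", volumetric_ips(ev))
    print("failure-rate spike minutes:", failure_spikes(ev))
    print("attack share missed per-IP: %.0f%%"
          % (100 * missed_by_volumetric(ev, ATTACK_IPS)))
```

In this sample the per-IP rule sees only the single noisy source, while the failure-rate check flags both the noisy minute and the minute in which every botnet IP made exactly one attempt.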
