The Future of ATO

Explore the evolving landscape of Account Takeover (ATO) in this 51-minute Black Hat conference talk by Philip Martin. Delve into the challenges faced by online security professionals as they grapple with password megalists, massive PII breaches, and increasingly sophisticated attackers. Examine the unique perspective of Coinbase, one of the world's largest consumer cryptocurrency platforms, as they navigate the delicate balance between usability and security. Gain insights into emerging threats such as SIM swapping, account recovery abuse, critical phishing, credential stuffing, and botnet proliferation. Learn about countermeasures including ratelimiting, challenge-response systems, and list validation. Discuss the role of social engineering and banking malware in ATO attacks. Conclude with a Q&A session to address the future of online security and potential solutions to combat evolving ATO techniques.

Introduction
Future of ATO
Sim Swapping
Account Recovery Abuse
Critical Phishing
Credential stuffing
Botnet proliferation
Ratelimiting
Challenges
List Validation
Social Engineering
Answer Mocks
What do we do
Banking malware
Bottom line
Questions