YoVDO

Anatomy of Account Takeover - Understanding Threats and Defenses

Offered By: USENIX Enigma Conference via YouTube

Tags

Cybersecurity Courses, Phishing Courses, Data Breaches Courses, Two-Factor Authentication Courses, Password Security Courses, Credential Theft Courses

Course Description

Overview

Explore the anatomy of account takeovers in this 17-minute conference talk from USENIX Enigma 2018. Delve into the ecosystem supporting credential theft, the dangers posed to users, and the importance of automatic, defense-in-depth risk detection systems. Learn about the likelihood of users falling victim to data breaches, phishing, or malware, and how hijackers exploit stolen credentials. Examine how identity providers can use risk analysis and login challenges to enhance security for password-only users. Discover the practical weaknesses of certain login challenges and the evolving tactics of attackers. Gain insights into ongoing challenges, including the disconnect between public opinion and necessary security measures, and discuss potential industry solutions to improve overall account security.

Syllabus

Intro
Online accounts are valuable targets
The three avenues of password theft
Commoditization of abuse
The wares on sale
Users reuse passwords
Hijacking likelihood: compared to a general active account, how much more likely it is that you will be a victim of hacking if we know
Adoption of additional security is low
Sign-in risk detection
Dimensionality of risk
Geocloaking
Dynamic 2FA: Ask for additional verification
Choose the challenge that minimizes damage
Secondary e-mail verification
SMS code
Google Prompt
Hijacking monetization
Bringing the user into the loop
Finding the hijacker in-session


Taught by

USENIX Enigma Conference
