How to spot and stop a wolf in sheep’s clothing – AKA Account Takeover (room 1)

Nick Malcolm

Security Consultant @ SafeStack

How to spot and stop a wolf in sheep’s clothing – AKA Account Takeover (room 1)

10:30 AM 9 September, 2017

Over 80% online breaches involve the use of weak or stolen passwords. It’s not new, but it works! This talk will discuss the threat of account takeover. As well, as tools and techniques for detection and response within your own web applications.

Password reuse, stolen databases, IoT devices with default passwords, phishing, malware – the causes are many, but the result is the same: account takeover.

It is no longer acceptable nor enough to shrug it off as the user’s fault for poor security hygiene. Login anomaly detection is a concept which builds on behavioural biometrics – learning about someone’s behaviour, so that you can spot when they are being impersonated.

This talk will explore different signals we can look for in the data. We’ll look at an open source tool called AuthTables, which provides an easy way to defend against simple attacks. We’ll explore what we’d need to do for a more robust detection solution and recent developments coming out of industry and academia.

This talk will also explore various ‘after the fact’ tools and methodologies. We’ll look at what industry leaders are doing and achievable response techniques like step-up authentication, user notifications and distributed security alerting.

This talk is aimed at web developers, application security advisors, SIEM administrators and anyone who’s job involves defending web applications.