A penny per visit adds up real fast: designing effective defenses against an adversary that makes more money than your entire company does
Michael Tiffany
White Ops
Ad fraud yields a higher lifetime value per infection than anything else you can do with a botnet. As a result, top-tier operators have gone to extraordinary lengths to make bots as lifelike as possible to evade detection. In this talk, we will review:
- The state of the art in bot behavior, evasion, and anti-forensics. Hint: the adversary can use machine learning, too, and they have lots of real people to clone, emulate, or train off of
- Why even well-studied malware families like Kovter are still alive and kicking
- Breakthrough techniques in running an arms race against an adversary you must model as at least as smart as you and almost certainly better resourced than you
- Deception and strategic indeterminacy: Getting inside the OODA loop of an adaptive adversary by denying immediate success/fail feedback
- Corollary: put security through obscurity back in your playbook
- Cui bono? Playable moves when you can detect an adversary, they can’t tell they’ve been detected, and you can see which bank accounts benefit from what they attempted
References
- The Methbot Operation (2016)
- The Business of Hacking (2016)
Presenter
- How Pseudonymous Reputation and the Dark Web Have Made Cybercrime Easier Than Ever (2018)
- Ads.txt: a simple, elegant solution to the insidious problem of domain spoofing (2018)