A penny per visit adds up real fast: designing effective defenses against an adversary that makes more money than your entire company does

Michael Tiffany
White Ops

Ad fraud yields a higher lifetime value per infection than anything else you can do with a botnet. As a result, top-tier operators have gone to extraordinary lengths to make bots as lifelike as possible to evade detection. In this talk, we will review:

  • The state of the art in bot behavior, evasion, and anti-forensics. Hint: the adversary can use machine learning, too, and they have lots of real people to clone, emulate, or train off of
  • Why even well-studied malware families like Kovter are still alive and kicking
  • Breakthrough techniques in running an arms race against an adversary you must model as at least as smart as you and almost certainly better resourced than you
  • Deception and strategic indeterminacy: Getting inside the OODA loop of an adaptive adversary by denying immediate success/fail feedback
  • Corollary: put security through obscurity back in your playbook
  • Cui bono? Playable moves when you can detect an adversary, they can’t tell they’ve been detected, and you can see which bank accounts benefit from what they attempted