Overview
Explore a cybersecurity presentation from the Security Analyst Summit 2019 in Singapore, where Sergey Lozhkin, senior security researcher at Kaspersky Lab, reveals a new technique criminals use to bypass anti-fraud systems. Learn about digital fingerprint theft and its implications for credential security. Delve into topics such as carding, device fingerprinting, advanced analytics, and machine learning in anti-fraud systems. Discover the inner workings of Genesis bots, stolen authorization data, and the creation of unique fingerprints to trick security measures. Gain insights into potential mitigations and the evolving landscape of cybercrime in this 21-minute talk that challenges conventional understanding of anti-fraud system vulnerabilities.
Syllabus
Intro
CARDING NOT DEAD
"VBIV" IS STILL THERE
ANTIFRAUD SYSTEMS WORKFLOW EXPECTATIONS
ANTIFRAUD SYSTEMS WORKFLOW IN REALITY
GOOD ANTIFRAUD SYSTEM SCHEMATIC
DEVICE FINGERPRINT
ADVANCED ANALYTICS + MACHINE LEARNING
FINGERPRINT CHECK EXAMPLE
FINAL DECISION MAKING
ANTIFRAUD BYPASS RULE 1: BE A TRUSTED COPY
MEET GENESIS
BOTS ON SALE
STOLEN AUTHORIZATION DATA
DETAILS
SEARCH
GENERATE
PLUGIN
ANTIFRAUD BYPASS RULE 2: BE UNIQUE
LICENSE SYSTEM
ADVANCED CONFIGURATION
CONFIG GENERATOR
DEEP CUSTOMIZATION
UNIQUE FINGERPRINT
MITIGATIONS
Taught by
Kaspersky