The Future of ATO

Explore the evolving landscape of Account Takeover (ATO) in this 51-minute Black Hat conference talk by Philip Martin. Delve into the challenges faced by online security professionals as they grapple with password megalists, massive PII breaches, and increasingly sophisticated attackers. Examine the unique perspective of Coinbase, one of the world's largest consumer cryptocurrency platforms, as they navigate the delicate balance between usability and security. Gain insights into emerging threats such as SIM swapping, account recovery abuse, critical phishing, credential stuffing, and botnet proliferation. Learn about countermeasures including ratelimiting, challenge-response systems, and list validation. Discuss the role of social engineering and banking malware in ATO attacks. Conclude with a Q&A session to address the future of online security and potential solutions to combat evolving ATO techniques.