Does Your Threat Model Consider Country and Culture? A Case Study of Brazilian Internet Banking Security to Show That It Should
USENIX Enigma Conference via YouTube
Overview
Explore a thought-provoking conference talk that challenges conventional threat modeling approaches by examining the unique cybersecurity landscape of Brazilian internet banking. Delve into a case study spanning 7 years and over 40,000 malware samples to understand how regional factors, cultural nuances, and technological infrastructure significantly influence the development and targeting of cyber threats. Learn why global threat models may fall short in addressing localized risks, and discover how Brazil's distinct internet banking ecosystem has shaped novel attack vectors, from early phishing attempts to Java-based malware and WhatsApp-powered transactions. Gain valuable insights into the importance of considering country-specific and cultural contexts when developing comprehensive threat models and security evaluations.
Syllabus
Intro
Internet Banking Desktop Clients
A Predictable Future
A Profusion of File Formats
Tracking the Atlackers
The case of WhatsApp
A Scenarios Comparison
A Real Dataset
Brazilian Malware vs. Antiviruses
Brazilian Malware vs. Machine Learning
Taught by
USENIX Enigma Conference