An Attacker's Perspective: How and Why They Target Your Sites
Every day, financial institutions face an onslaught of automated attacks on their web and mobile applications by all types of fraudsters. Some test millions of stolen credentials on login applications to commit account takeover; others create thousands of accounts on account registration applications to validate stolen credit cards. In this session, Dan Woods, a former FBI special agent, describes how attackers target institutions and the ways they monetize their attacks.
See Also: A Toolkit for CISOs
This session offers insights on gaining a better understand of attackers' motivations and tactics, including how they:
- Move from targeting web applications to targeting mobile APIs;
- Exploit human click farms to advance credential stuffing attacks;
- Tunnel through aggregators to avoid detection.