When it comes to visibility into account takeover, spam, and fake accounts, the proliferation of the cloud is making things a bit hazy. Cloud-hosted attacks are used to skirt IP blacklists and make fraudulent users seem like they are located somewhere they are not. The result? Massively scaled attack campaigns that cannot be detected using traditional security techniques.
Drawing on data from over 500 billion events and 400 million user accounts collected from global online services, Ting-Fang Yen analyzes the top cloud providers used by attackers to determine the differences in attack techniques across verticals and regions and identify trends over time. This data has shown that cloud services are targeted by fraudsters for promotion abuse and transaction fraud, as well as to launch attacks on other online services; massive registration and account takeovers are among the top attack types launched from cloud services; more than 20% of accounts originating from cloud services are fraudulent; and more than 3% of all bad users use cloud services. Yen also explores how big data technologies and real-time big data analytics can be used to identify and stop cloud-based attacks.
Ting-Fang Yen is director of research at DataVisor, the leading fraud, crime, and abuse detection solution utilizing unsupervised machine learning to detect fraudulent and malicious activity such as fake account registrations, fraudulent transactions, spam, account takeovers, and more. She has over 10 years of experience in applying big data analytics and machine learning to tackle problems in cybersecurity. Ting-Fang holds a PhD in electrical and computer engineering from Carnegie Mellon University.
©2017, O'Reilly Media, Inc. • (800) 889-8969 or (707) 827-7019 • Monday-Friday 7:30am-5pm PT • All trademarks and registered trademarks appearing on oreilly.com are the property of their respective owners. • firstname.lastname@example.org
Apache Hadoop, Hadoop, Apache Spark, Spark, and Apache are either registered trademarks or trademarks of the Apache Software Foundation in the United States and/or other countries, and are used with permission. The Apache Software Foundation has no affiliation with and does not endorse, or review the materials provided at this event, which is managed by O'Reilly Media and/or Cloudera.