Presented By O'Reilly and Cloudera
Make Data Work
March 13–14, 2017: Training
March 14–16, 2017: Tutorials & Conference
San Jose, CA

Cloudy with a chance of fraud: A look at cloud-hosted attack trends

Ting-Fang Yen (DataVisor)
1:50pm2:30pm Wednesday, March 15, 2017
Average rating: ****.
(4.33, 3 ratings)

What you'll learn

  • Understand an attacker’s motivation: Why fraudsters use cloud-based platforms to launch attacks
  • Explore detailed examples of cloud-based attacks
  • Learn why cloud-based attacks are difficult to detect and what can be done about it
  • Discover the benefits of real-time, in-memory big data analytics for detecting fraudsters utilizing cloud platforms

Description

When it comes to visibility into account takeover, spam, and fake accounts, the proliferation of the cloud is making things a bit hazy. Cloud-hosted attacks are used to skirt IP blacklists and make fraudulent users seem like they are located somewhere they are not. The result? Massively scaled attack campaigns that cannot be detected using traditional security techniques.

Drawing on data from over 500 billion events and 400 million user accounts collected from global online services, Ting-Fang Yen analyzes the top cloud providers used by attackers to determine the differences in attack techniques across verticals and regions and identify trends over time. This data has shown that cloud services are targeted by fraudsters for promotion abuse and transaction fraud, as well as to launch attacks on other online services; massive registration and account takeovers are among the top attack types launched from cloud services; more than 20% of accounts originating from cloud services are fraudulent; and more than 3% of all bad users use cloud services. Yen also explores how big data technologies and real-time big data analytics can be used to identify and stop cloud-based attacks.

Photo of Ting-Fang Yen

Ting-Fang Yen

DataVisor

Ting-Fang Yen is director of research at DataVisor, the leading fraud, crime, and abuse detection solution utilizing unsupervised machine learning to detect fraudulent and malicious activity such as fake account registrations, fraudulent transactions, spam, account takeovers, and more. She has over 10 years of experience in applying big data analytics and machine learning to tackle problems in cybersecurity. Ting-Fang holds a PhD in electrical and computer engineering from Carnegie Mellon University.