Impersonation-as-a-Service: Characterizing the Emerging Criminal Infrastructure for User Impersonation at Scale
@article{Campobasso2020ImpersonationasaServiceCT,
title={Impersonation-as-a-Service: Characterizing the Emerging Criminal Infrastructure for User Impersonation at Scale},
author={M. Campobasso and Luca Allodi},
journal={Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security},
year={2020}
}In this paper we provide evidence of an emerging criminal infrastructure enabling impersonation attacks at scale. Impersonation-as-a-Service (IMPaaS) allows attackers to systematically collect and enforce user profiles (consisting of user credentials, cookies, device and behavioural fingerprints, and other metadata) to circumvent risk-based authentication system and effectively bypass multi-factor authentication mechanisms. We present the IMPaaS model and evaluate its implementation by… CONTINUE READING
Figures and Tables from this paper
2 Citations
Is Real-time Phishing Eliminated with FIDO? Social Engineering Downgrade Attacks against FIDO Protocols
- Computer Science
- IACR Cryptol. ePrint Arch.
- 2020
- Highly Influenced
- PDF
What's in Score for Website Users: A Data-driven Long-term Study on Risk-based Authentication Characteristics
- Computer Science
- ArXiv
- 2021
- PDF
References
SHOWING 1-5 OF 5 REFERENCES
Data Breaches, Phishing, or Malware?: Understanding the Risks of Stolen Credentials
- Computer Science
- CCS
- 2017
- 87
- Highly Influential
- PDF
Is This Really You? An Empirical Study on Risk-Based Authentication Applied in the Wild
- Computer Science
- SEC
- 2019
- 11
- Highly Influential
- PDF
Azorult malware infects victims via fake protonvpn installer, Feb 2020
- 2020
Azorult trojan disguised itself as fake protonvpn installer, Feb 2020
- 2020
New azorult campaign abuses popular vpn service to steal cryptocurrency
- 2020