Impersonation-as-a-Service: Characterizing the Emerging Criminal Infrastructure for User Impersonation at Scale

@article{Campobasso2020ImpersonationasaServiceCT,
  title={Impersonation-as-a-Service: Characterizing the Emerging Criminal Infrastructure for User Impersonation at Scale},
  author={M. Campobasso and Luca Allodi},
  journal={Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security},
  year={2020}
}
  • M. Campobasso, Luca Allodi
  • Published 2020
  • Computer Science
  • Proceedings of the 2020 ACM SIGSAC Conference on Computer and Communications Security
  • In this paper we provide evidence of an emerging criminal infrastructure enabling impersonation attacks at scale. Impersonation-as-a-Service (IMPaaS) allows attackers to systematically collect and enforce user profiles (consisting of user credentials, cookies, device and behavioural fingerprints, and other metadata) to circumvent risk-based authentication system and effectively bypass multi-factor authentication mechanisms. We present the IMPaaS model and evaluate its implementation by… CONTINUE READING
    2 Citations
    Is Real-time Phishing Eliminated with FIDO? Social Engineering Downgrade Attacks against FIDO Protocols
    • Highly Influenced
    • PDF

    References

    SHOWING 1-5 OF 5 REFERENCES
    Data Breaches, Phishing, or Malware?: Understanding the Risks of Stolen Credentials
    • 87
    • Highly Influential
    • PDF
    Is This Really You? An Empirical Study on Risk-Based Authentication Applied in the Wild
    • 11
    • Highly Influential
    • PDF
    Azorult malware infects victims via fake protonvpn installer, Feb 2020
    • 2020
    Azorult trojan disguised itself as fake protonvpn installer, Feb 2020
    • 2020
    New azorult campaign abuses popular vpn service to steal cryptocurrency
    • 2020