The economic incentive of account takeover attacks

Fraudsters attack websites for profit and to make a living. As a basic principle, it requires that the income they generate from their attack is at least higher than their cost but also ideally enough to sustain their lifestyle. In this talk, I'll share my research focusing on understanding the potential net income for fraudsters who specialize in credential stuffing attacks against sites from different industries protected with different types of technologies. We’ll take the point of view of the attacker and look at the infrastructure and software they must develop, deploy, and maintain to successfully attack sites that are protected with Web Application Firewall (WAF), a bot management product, or an advanced fraud detection product. In conclusion, we’ll compare and contrast which solution is most effective in destroying the attacker’s economic incentive and forcing them to stop.This research is based on facts collected on the dark web, Telegram, Discord, and other social media platforms where fraudsters regularly exchange information as well as the attack traffic I observed while working for Arkose Labs.