1. Intro
2. Password manager poll
3. Why hackers are interested in this
4. Financial fraud theft
5. Account takeover
6. Virtual currency
7. Spam
8. Twitter
9. Other breaches
10. Techniques
11. Credential stuffing
12. Adobe breach
13. Great website hack
14. Username database
15. Credentials
16. Email verification
17. Password dump
18. Code level vulnerabilities
19. Password managers
20. Ways to protect yourself
21. Strong login process
22. U2F
23. Phone apps
24. Brute force attacks
25. Balancing act
26. Rate limiting
27. Threat intelligence
28. Volume of attempts
29. JavaScript
30. Browser Fingerprint
31. User profiles
32. Sentry MBA
33. Netflix
34. Spotify
35. CAPTCHAs
36. WTF
37. Local deployment
38. Credential dump database
39. Credential dump files
40. Resources
Description:
Explore the critical issue of account takeover (ATO) attacks in this 47-minute LASCON conference talk. Delve into the long-term impact of hacks like the 2012 LinkedIn breach, which resulted in a two-phase attack spanning years. Learn about the collection and compromise phases of ATO attacks, and how hackers use bots to exploit stolen data across multiple networks. Discover various approaches to combat ATO, including threat intelligence, rate limiting, and anomaly detection. Gain insights from IMMUNIO CTO Mike Milner on attacker tactics, such as evading rate limits and bypassing CAPTCHA protection. Understand the financial implications of ATO attacks and the importance of maintaining user trust. Examine different security measures, from strong login processes to U2F and phone apps, and explore the balance between security and user experience. Get introduced to a new tool for experimenting with credential stuffing attacks and learn how to build better defenses by understanding attacker methodologies.

Why the LinkedIn Hack Could Be Your Biggest AppSec Threat

LASCON