[Submitted on 9 Sep 2020 (v1), last revised 5 Nov 2020 (this version, v2)]

Download PDF

Abstract: In this paper we provide evidence of an emerging criminal infrastructure
enabling impersonation attacks at scale. Impersonation-as-a-Service (ImpaaS)
allows attackers to systematically collect and enforce user profiles
(consisting of user credentials, cookies, device and behavioural fingerprints,
and other metadata) to circumvent risk-based authentication system and
effectively bypass multi-factor authentication mechanisms. We present the
ImpaaS model and evaluate its implementation by analysing the operation of a
large, invite-only, Russian ImpaaS platform providing user profiles for more
than $260’000$ Internet users worldwide. Our findings suggest that the ImpaaS
model is growing, and provides the mechanisms needed to systematically evade
authentication controls across multiple platforms, while providing attackers
with a reliable, up-to-date, and semi-automated environment enabling target
selection and user impersonation against Internet users as scale.

Submission history

From: Michele Campobasso [view email]


[v1]

Wed, 9 Sep 2020 15:08:51 UTC (1,360 KB)

[v2]

Thu, 5 Nov 2020 15:45:39 UTC (1,360 KB)

Read More