Crabby's Credential Stuffing:
Abstract
In 2024, Anthony Albanese was forced to address the public after more than 100 well-known Australian brands were affected by a credential stuffing attack. We discovered this was perpetrated by a hacker known as “Crabby”. Stolen access was used to make fraudulent orders with unsuspecting customer accounts, to acquire high-end tech, luxury fashion, and even burritos. But who owns the risk? Australian consumers continue to practice poor cyber security hygiene, whilst organisations often do not adequately protect their retail systems from automated attacks. The gap in ownership of this risk is exploited by criminal threat actors. Attend this talk to learn more about the threat actors targeting Australian organisations with full-service credential stuffing capabilities, and recommendations for protection.

Speaker Bio:

Jacob Larsen is an offensive security team lead at distinguished Australian cyber security consulting firm CyberCX. He is also a threat researcher who has specialized in infiltrating underground cybercrime groups to gain insights into their tradecraft and motives since 2016. He has analysed the modus operandi of doxxers, sim swappers, crypto drainers, fraud groups, espionage specialists, exploit developers, initial access brokers and more. Jacob is also a seasoned speaker, who has shared his research at Black Hat USA 2024.

As the Head of Security Engineering and Threat Intelligence at Kasada, an Australian-based anti-bot provider, Reece has focused on building intelligence collection and analysis capabilities over the last two years. Prior to this, Reece worked within law enforcement and government agencies for 17 years, focusing on some of Australia's largest criminal threats.