Anti-Abuse Operations and the Abuse Bestiary

Tech 1 (718A) October 6, 2022 10:15 am - 11:15 am


Allan Stojanovic

When we talk about “abuse”, we use the term as shorthand for the much more encompassing “Abuse, Misuse, Malice and Crime” (with credit to Trey Ford). Within this definition we find three subcategories of activity: Monetisation, Weaponization, and Misinformation campaigns. Although not perfect, it certainly starts to feel like we have some language to describe what we see.

Within this space is a second classification of “abuse in place” (the bad things that can be done using the service as-is), “abuse in business logic” (usually taking a gated action to do the bad thing), and “abuse as post exploitation” (the badness after exploiting a vulnerability).

Abuse actors are often goal-oriented. They have an idea of what they want to accomplish and go about accomplishing that goal in a serial fashion. They tackle each barrier as it arises and try to figure out a way over, around or through it.

When one starts listing all the (generic) goals of an abuse actor, it paints a very interesting picture of the abuse landscape, gives one a frame of reference for thinking about how their services can be abused, and provides hints on where to look for that abuse, even when the abuse is spread across multiple services, multiple platforms, and multiple clouds.

In this talk we will introduce the Abuse Bestiary: a list of pseudo-actors by goal and some of the interesting things that they have done to achieve their goals. We will also talk about what enables these kinds of abuse, and where Anti-Abuse Operations fits in the larger organisation.