Mangatas Tondang / @tas_kmanager
Tas has spent the last seven years immersed in the worlds of threat hunting, detection engineering, and security research. Currently, he's making changes at Microsoft, specializing in cloud security research. Beyond his professional endeavors, Tas is a passionate contributor to the cybersecurity community, holding roles in The DFIR Report and Curated Intelligence. He's also no stranger to the stage, having presented at various conferences around the globe, including, to name a few, SANS Summits and DEF CON BTV. When he's not navigating the digital landscape, Tas enjoys the art of astrophotography and embarking on spontaneous adventures across the globe exploring landscapes and cuisines.
Session
In today's digital era, even robust security frameworks like OWASP and MITRE ATT&CK can prove inadequate against sophisticated phishing attacks. These attacks leverage official chat functionalities in web and mobile applications, causing significant disruptions for modern web applications in the tourism and lodging sectors. This presentation unveils a series of firsthand encounters with such attacks, illustrating their impact and tracing them back to a major cybercriminal ecosystem that utilizes Telegram bots. Through meticulous research and open-source threat intelligence, the discussion explores the vulnerabilities and shortcomings major organizations face in defending against these threats. Key lessons in secure coding, detection engineering, proactive threat intelligence, and security awareness are highlighted, providing attendees with insights to fortify their defenses with a multi-layered security approach. This approach aims to mitigate evolving cyber risks and protect both web applications and brand integrity.