SlideShare une entreprise Scribd logo

The Case of the Mistaken Malware

Télécharger en tant que PPTX, PDF
SecurityMetrics
SecurityMetrics
TechnologieBusiness
1  sur  12
© 2016 SecurityMetrics The Case of the Mistaken Malware Forensic Files Series
BUSINESS BACKGROUND All sites connected to the same card processing environment. Small retailer operates one main store, multiple satellite stores, and two corporate offices.
BUSINESS BACKGROUND During a routine anti-virus log review, in-house IT staff member finds Sirefef rootkit at satellite store.
WHAT IS A ROOTKIT? A rootkit is a type of malicious software activated each time a system boots up. They are difficult to detect because they reside at the system’s kernel level, and are activated before a system’s operating system has completely booted up.
HOW HACKERS GOT IN Compromised the credentials for the remote access application, LogMeIn. Installed Sirefef, a sophisticated rootkit that can spread spam or capture sensitive information such as passwords or credit card data.
FORENSIC INVESTIGATOR FINDINGS Investigator finds the Sirefef rootkit did not actually steal customer credit cards. Further investigation revealed a memory scraper called Alina (installed by the same hacker), designed specifically to capture payment information from POS terminals.
WHAT IS A MEMORY SCRAPER? A memory scraper is designed to capture, or ‘scrape’ sensitive information from system memory (RAM) and return it back to the attacker. The Alina memory scraper can morph into newer versions to avoid detection, or automatically reinstall in different locations if deleted.
WHAT THE BUSINESS DID WRONG Retailer didn’t employ two-factor authentication to secure remote access into their main store, satellites, and corporate offices.
WHAT’S TWO-FACTOR AUTHENTICATION? Two factor authentication is an extra layer of security that requires not only a password and username but also something only the user should know/have (e.g., a fingerprint).
WHAT THE BUSINESS DID WRONG Although they regularly reviewed anti-virus logs, IT staff did not regularly update anti-virus program and system security patches.
WHAT THE BUSINESS DID WRONG In addition, the credit card processing environment was not segmented away from routine Internet traffic. Internet Firewall Wireless Device Network Switch Terminal Office Computer Printer Mobile Hotspot
www.securitymetrics.com Wenlock Free VP Business Development wfree@securitymetrics.com

Recommandé

The Case of the Stockpiled Credit Cards
The Case of the Stockpiled Credit CardsThe Case of the Stockpiled Credit Cards
The Case of the Stockpiled Credit Cards
SecurityMetrics
 
AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?
AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?
AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?
Alejandro Correa Bahnsen, PhD
 
DeepPhish: Simulating malicious AI
DeepPhish: Simulating malicious AIDeepPhish: Simulating malicious AI
DeepPhish: Simulating malicious AI
Alejandro Correa Bahnsen, PhD
 
black hat deephish
black hat deephishblack hat deephish
black hat deephish
Alejandro Correa Bahnsen, PhD
 
5 Types of Insider Threats and How to Detect them in Your ERP System
5 Types of Insider Threats and How to Detect them in Your ERP System5 Types of Insider Threats and How to Detect them in Your ERP System
5 Types of Insider Threats and How to Detect them in Your ERP System
Michael Cunningham
 
Black Friday Kicks Off Holiday Cyber-Crime Season
Black Friday Kicks Off Holiday Cyber-Crime SeasonBlack Friday Kicks Off Holiday Cyber-Crime Season
Black Friday Kicks Off Holiday Cyber-Crime Season
Tenable Network Security
 
Insider theft detection
Insider theft detection Insider theft detection
Insider theft detection
SumanthKommineni
 
2016 Gaming Industry Intelligence Package
2016 Gaming Industry Intelligence Package2016 Gaming Industry Intelligence Package
2016 Gaming Industry Intelligence Package
Mike Maziarka
 

Recommandé

The Case of the Stockpiled Credit Cards
The Case of the Stockpiled Credit CardsThe Case of the Stockpiled Credit Cards
The Case of the Stockpiled Credit Cards
SecurityMetrics
 
AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?
AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?
AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?
Alejandro Correa Bahnsen, PhD
 
DeepPhish: Simulating malicious AI
DeepPhish: Simulating malicious AIDeepPhish: Simulating malicious AI
DeepPhish: Simulating malicious AI
Alejandro Correa Bahnsen, PhD
 
black hat deephish
black hat deephishblack hat deephish
black hat deephish
Alejandro Correa Bahnsen, PhD
 
5 Types of Insider Threats and How to Detect them in Your ERP System
5 Types of Insider Threats and How to Detect them in Your ERP System5 Types of Insider Threats and How to Detect them in Your ERP System
5 Types of Insider Threats and How to Detect them in Your ERP System
Michael Cunningham
 
Black Friday Kicks Off Holiday Cyber-Crime Season
Black Friday Kicks Off Holiday Cyber-Crime SeasonBlack Friday Kicks Off Holiday Cyber-Crime Season
Black Friday Kicks Off Holiday Cyber-Crime Season
Tenable Network Security
 
Insider theft detection
Insider theft detection Insider theft detection
Insider theft detection
SumanthKommineni
 
2016 Gaming Industry Intelligence Package
2016 Gaming Industry Intelligence Package2016 Gaming Industry Intelligence Package
2016 Gaming Industry Intelligence Package
Mike Maziarka
 
Past, Present & Future of Credentials Theft
Past, Present & Future of Credentials TheftPast, Present & Future of Credentials Theft
Past, Present & Future of Credentials Theft
Lavi Lazarovitz
 
Digital Shadows SearchLight™ Overview
Digital Shadows SearchLight™ OverviewDigital Shadows SearchLight™ Overview
Digital Shadows SearchLight™ Overview
Digital Shadows
 
The State of End-User Security—Global Data from 30,000+ Websites
The State of End-User Security—Global Data from 30,000+ WebsitesThe State of End-User Security—Global Data from 30,000+ Websites
The State of End-User Security—Global Data from 30,000+ Websites
Priyanka Aash
 
WTF is Digital Risk Protection
WTF is Digital Risk ProtectionWTF is Digital Risk Protection
WTF is Digital Risk Protection
Digital Shadows
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
HarishBabuKaveri
 
Disrupt Hackers With Robust User Authentication
Disrupt Hackers With Robust User AuthenticationDisrupt Hackers With Robust User Authentication
Disrupt Hackers With Robust User Authentication
Intel IT Center
 
Cloud computing's notorious nine-
Cloud computing's notorious nine-Cloud computing's notorious nine-
Cloud computing's notorious nine-
Nikki Alexander
 
Data Loss Detection
Data Loss DetectionData Loss Detection
Data Loss Detection
Digital Shadows
 
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...
Albert Hui
 
Ransomware: Prevention, privacy and your options post-breach
Ransomware: Prevention, privacy and your options post-breachRansomware: Prevention, privacy and your options post-breach
Ransomware: Prevention, privacy and your options post-breach
Gowling WLG
 
Any Information Can be Valuable and Other Lessons from the JP Morgan Breach
Any Information Can be Valuable and Other Lessons from the JP Morgan BreachAny Information Can be Valuable and Other Lessons from the JP Morgan Breach
Any Information Can be Valuable and Other Lessons from the JP Morgan Breach
CBIZ Risk & Advisory Services
 
Patches Arrren't Just for Pirates
Patches Arrren't Just for PiratesPatches Arrren't Just for Pirates
Patches Arrren't Just for Pirates
webnowires
 
David Emm | The What, How, Who and Why of Computer Malware
David Emm | The What, How, Who and Why of Computer MalwareDavid Emm | The What, How, Who and Why of Computer Malware
David Emm | The What, How, Who and Why of Computer Malware
Pro Mrkt
 
Don't Rely on Software Alone. Protect Endpoints with Hardware-Enhanced Security.
Don't Rely on Software Alone. Protect Endpoints with Hardware-Enhanced Security.Don't Rely on Software Alone. Protect Endpoints with Hardware-Enhanced Security.
Don't Rely on Software Alone. Protect Endpoints with Hardware-Enhanced Security.
Intel IT Center
 
What Cybercriminals Want: Company Data – by United Security Providers
What Cybercriminals Want: Company Data – by United Security ProvidersWhat Cybercriminals Want: Company Data – by United Security Providers
What Cybercriminals Want: Company Data – by United Security Providers
United Security Providers AG
 
Hackers Hit Web Host
Hackers Hit Web HostHackers Hit Web Host
Hackers Hit Web Host
webhostingguy
 
Security Threat Presentation
Security Threat PresentationSecurity Threat Presentation
Security Threat Presentation
Robert Giannini
 
The only way to survive is to automate your SOC
The only way to survive is to automate your SOCThe only way to survive is to automate your SOC
The only way to survive is to automate your SOC
Roberto Sponchioni
 
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
SBWebinars
 
Owasp Mobile Top 10 - M7 & M8
Owasp Mobile Top 10 - M7 & M8Owasp Mobile Top 10 - M7 & M8
Owasp Mobile Top 10 - M7 & M8
5h1vang
 
ransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptxransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptx
dawitTerefe5
 
PoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail IndustryPoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail Industry
Invincea, Inc.
 

Contenu connexe

Tendances

Cloud computing's notorious nine-
Cloud computing's notorious nine-Cloud computing's notorious nine-
Cloud computing's notorious nine-
Nikki Alexander
 
Hackers Hit Web Host
Hackers Hit Web HostHackers Hit Web Host
Hackers Hit Web Host
webhostingguy
 
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
SBWebinars
 

Tendances (20)

Past, Present & Future of Credentials Theft
Past, Present & Future of Credentials TheftPast, Present & Future of Credentials Theft
Past, Present & Future of Credentials Theft
 
Digital Shadows SearchLight™ Overview
Digital Shadows SearchLight™ OverviewDigital Shadows SearchLight™ Overview
Digital Shadows SearchLight™ Overview
 
The State of End-User Security—Global Data from 30,000+ Websites
The State of End-User Security—Global Data from 30,000+ WebsitesThe State of End-User Security—Global Data from 30,000+ Websites
The State of End-User Security—Global Data from 30,000+ Websites
 
WTF is Digital Risk Protection
WTF is Digital Risk ProtectionWTF is Digital Risk Protection
WTF is Digital Risk Protection
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Disrupt Hackers With Robust User Authentication
Disrupt Hackers With Robust User AuthenticationDisrupt Hackers With Robust User Authentication
Disrupt Hackers With Robust User Authentication
 
Cloud computing's notorious nine-
Cloud computing's notorious nine-Cloud computing's notorious nine-
Cloud computing's notorious nine-
 
Data Loss Detection
Data Loss DetectionData Loss Detection
Data Loss Detection
 
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...
 
Ransomware: Prevention, privacy and your options post-breach
Ransomware: Prevention, privacy and your options post-breachRansomware: Prevention, privacy and your options post-breach
Ransomware: Prevention, privacy and your options post-breach
 
Any Information Can be Valuable and Other Lessons from the JP Morgan Breach
Any Information Can be Valuable and Other Lessons from the JP Morgan BreachAny Information Can be Valuable and Other Lessons from the JP Morgan Breach
Any Information Can be Valuable and Other Lessons from the JP Morgan Breach
 
Patches Arrren't Just for Pirates
Patches Arrren't Just for PiratesPatches Arrren't Just for Pirates
Patches Arrren't Just for Pirates
 
David Emm | The What, How, Who and Why of Computer Malware
David Emm | The What, How, Who and Why of Computer MalwareDavid Emm | The What, How, Who and Why of Computer Malware
David Emm | The What, How, Who and Why of Computer Malware
 
Don't Rely on Software Alone. Protect Endpoints with Hardware-Enhanced Security.
Don't Rely on Software Alone. Protect Endpoints with Hardware-Enhanced Security.Don't Rely on Software Alone. Protect Endpoints with Hardware-Enhanced Security.
Don't Rely on Software Alone. Protect Endpoints with Hardware-Enhanced Security.
 
What Cybercriminals Want: Company Data – by United Security Providers
What Cybercriminals Want: Company Data – by United Security ProvidersWhat Cybercriminals Want: Company Data – by United Security Providers
What Cybercriminals Want: Company Data – by United Security Providers
 
Hackers Hit Web Host
Hackers Hit Web HostHackers Hit Web Host
Hackers Hit Web Host
 
Security Threat Presentation
Security Threat PresentationSecurity Threat Presentation
Security Threat Presentation
 
The only way to survive is to automate your SOC
The only way to survive is to automate your SOCThe only way to survive is to automate your SOC
The only way to survive is to automate your SOC
 
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
 
Owasp Mobile Top 10 - M7 & M8
Owasp Mobile Top 10 - M7 & M8Owasp Mobile Top 10 - M7 & M8
Owasp Mobile Top 10 - M7 & M8
 

Similaire à The Case of the Mistaken Malware

Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat Landscape
Aaron White
 
IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?
Tyler Shields
 

Similaire à The Case of the Mistaken Malware (20)

ransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptxransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptx
 
PoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail IndustryPoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail Industry
 
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackAdvanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
 
Parag presentation on ethical hacking
Parag presentation on ethical hackingParag presentation on ethical hacking
Parag presentation on ethical hacking
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat Landscape
 
Panda Adaptive Defense 360 - Cyber Extortion Guide
Panda Adaptive Defense 360 - Cyber Extortion GuidePanda Adaptive Defense 360 - Cyber Extortion Guide
Panda Adaptive Defense 360 - Cyber Extortion Guide
 
How Seceon could have stopped the Ransomware roll over Kaseya.pptx
How Seceon could have stopped the Ransomware roll over Kaseya.pptxHow Seceon could have stopped the Ransomware roll over Kaseya.pptx
How Seceon could have stopped the Ransomware roll over Kaseya.pptx
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and Spywares
 
Security Threats and Vulnerabilities-2.pptx
Security Threats and Vulnerabilities-2.pptxSecurity Threats and Vulnerabilities-2.pptx
Security Threats and Vulnerabilities-2.pptx
 
The Most Common Enterprise Malware and how to identify them
The Most Common Enterprise Malware and how to identify themThe Most Common Enterprise Malware and how to identify them
The Most Common Enterprise Malware and how to identify them
 
Spyware risk it's time to get smart
Spyware risk it's time to get smartSpyware risk it's time to get smart
Spyware risk it's time to get smart
 
LIFT OFF 2017: Ransomware and IR Overview
LIFT OFF 2017: Ransomware and IR OverviewLIFT OFF 2017: Ransomware and IR Overview
LIFT OFF 2017: Ransomware and IR Overview
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
Anatomy of a breach - an e-book by Microsoft in collaboration with the EU
Anatomy of a breach - an e-book by Microsoft in collaboration with the EUAnatomy of a breach - an e-book by Microsoft in collaboration with the EU
Anatomy of a breach - an e-book by Microsoft in collaboration with the EU
 
SDK Whitepaper
SDK WhitepaperSDK Whitepaper
SDK Whitepaper
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity Training
 
Day2.pptx
Day2.pptxDay2.pptx
Day2.pptx
 
IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?
 
Basics of hacking
Basics of hackingBasics of hacking
Basics of hacking
 
System hacking
System hackingSystem hacking
System hacking
 

Plus de SecurityMetrics

Plus de SecurityMetrics (20)

Hipaa Reality Check
Hipaa Reality CheckHipaa Reality Check
Hipaa Reality Check
 
Understanding the New PCI DSS Scoping Supplement
Understanding the New PCI DSS Scoping SupplementUnderstanding the New PCI DSS Scoping Supplement
Understanding the New PCI DSS Scoping Supplement
 
How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach
 
How to Secure Your Medical Devices
How to Secure Your Medical DevicesHow to Secure Your Medical Devices
How to Secure Your Medical Devices
 
How to Prepare for a PCI DSS Audit
How to Prepare for a PCI DSS AuditHow to Prepare for a PCI DSS Audit
How to Prepare for a PCI DSS Audit
 
Medical Data Encryption 101
Medical Data Encryption 101Medical Data Encryption 101
Medical Data Encryption 101
 
Securing Your Remote Access Desktop Connection
Securing Your Remote Access Desktop ConnectionSecuring Your Remote Access Desktop Connection
Securing Your Remote Access Desktop Connection
 
Window of Compromise
Window of CompromiseWindow of Compromise
Window of Compromise
 
HIPAA PHI Protection: Where is Your PHI Stored?
HIPAA PHI Protection: Where is Your PHI Stored? HIPAA PHI Protection: Where is Your PHI Stored?
HIPAA PHI Protection: Where is Your PHI Stored?
 
The 5 Step HIPAA Risk Analysis
The 5 Step HIPAA Risk AnalysisThe 5 Step HIPAA Risk Analysis
The 5 Step HIPAA Risk Analysis
 
5 Documents to Prepare for a HIPAA Audit
5 Documents to Prepare for a HIPAA Audit5 Documents to Prepare for a HIPAA Audit
5 Documents to Prepare for a HIPAA Audit
 
Don't Let Phishing Emails Hook Your Empolyees
Don't Let Phishing Emails Hook Your EmpolyeesDon't Let Phishing Emails Hook Your Empolyees
Don't Let Phishing Emails Hook Your Empolyees
 
What's Causing You to Store Unencrypted Payment Cards?
What's Causing You to Store Unencrypted Payment Cards? What's Causing You to Store Unencrypted Payment Cards?
What's Causing You to Store Unencrypted Payment Cards?
 
5 Steps to Manage a Data Breach
5 Steps to Manage a Data Breach5 Steps to Manage a Data Breach
5 Steps to Manage a Data Breach
 
Auditing Archives: The Case of the File Sharing Franchisee
Auditing Archives: The Case of the File Sharing FranchiseeAuditing Archives: The Case of the File Sharing Franchisee
Auditing Archives: The Case of the File Sharing Franchisee
 
Auditing Archives: The Case of the Evil Java Script
Auditing Archives: The Case of the Evil Java ScriptAuditing Archives: The Case of the Evil Java Script
Auditing Archives: The Case of the Evil Java Script
 
Auditing Archives: The Case of the Overly Helpful Front Desk Clerk
Auditing Archives: The Case of the Overly Helpful Front Desk ClerkAuditing Archives: The Case of the Overly Helpful Front Desk Clerk
Auditing Archives: The Case of the Overly Helpful Front Desk Clerk
 
The Case of the Suspiciously Flawless Investigation
The Case of the Suspiciously Flawless InvestigationThe Case of the Suspiciously Flawless Investigation
The Case of the Suspiciously Flawless Investigation
 
What Does the End of Windows XP Mean For Businesses?
What Does the End of Windows XP Mean For Businesses?What Does the End of Windows XP Mean For Businesses?
What Does the End of Windows XP Mean For Businesses?
 
How Ethical Hacking is Healthy for Business
How Ethical Hacking is Healthy for BusinessHow Ethical Hacking is Healthy for Business
How Ethical Hacking is Healthy for Business
 

Dernier

A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
Igalia
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Miguel Araújo
 

Dernier (20)

GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024AXA XL - Insurer Innovation Award Americas 2024
AXA XL - Insurer Innovation Award Americas 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ..."I see eyes in my soup": How Delivery Hero implemented the safety system for ...
"I see eyes in my soup": How Delivery Hero implemented the safety system for ...
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
Apidays New York 2024 - Accelerating FinTech Innovation by Vasa Krishnan, Fin...
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
ICT role in 21st century education and its challenges
ICT role in 21st century education and its challengesICT role in 21st century education and its challenges
ICT role in 21st century education and its challenges
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024Manulife - Insurer Transformation Award 2024
Manulife - Insurer Transformation Award 2024
 
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
Apidays Singapore 2024 - Scalable LLM APIs for AI and Generative AI Applicati...
 
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
Emergent Methods: Multi-lingual narrative tracking in the news - real-time ex...
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWEREMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
EMPOWERMENT TECHNOLOGY GRADE 11 QUARTER 2 REVIEWER
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 

The Case of the Mistaken Malware

  • 1. © 2016 SecurityMetrics The Case of the Mistaken Malware Forensic Files Series
  • 2. BUSINESS BACKGROUND All sites connected to the same card processing environment. Small retailer operates one main store, multiple satellite stores, and two corporate offices.
  • 3. BUSINESS BACKGROUND During a routine anti-virus log review, in-house IT staff member finds Sirefef rootkit at satellite store.
  • 4. WHAT IS A ROOTKIT? A rootkit is a type of malicious software activated each time a system boots up. They are difficult to detect because they reside at the system’s kernel level, and are activated before a system’s operating system has completely booted up.
  • 5. HOW HACKERS GOT IN Compromised the credentials for the remote access application, LogMeIn. Installed Sirefef, a sophisticated rootkit that can spread spam or capture sensitive information such as passwords or credit card data.
  • 6. FORENSIC INVESTIGATOR FINDINGS Investigator finds the Sirefef rootkit did not actually steal customer credit cards. Further investigation revealed a memory scraper called Alina (installed by the same hacker), designed specifically to capture payment information from POS terminals.
  • 7. WHAT IS A MEMORY SCRAPER? A memory scraper is designed to capture, or ‘scrape’ sensitive information from system memory (RAM) and return it back to the attacker. The Alina memory scraper can morph into newer versions to avoid detection, or automatically reinstall in different locations if deleted.
  • 8. WHAT THE BUSINESS DID WRONG Retailer didn’t employ two-factor authentication to secure remote access into their main store, satellites, and corporate offices.
  • 9. WHAT’S TWO-FACTOR AUTHENTICATION? Two factor authentication is an extra layer of security that requires not only a password and username but also something only the user should know/have (e.g., a fingerprint).
  • 10. WHAT THE BUSINESS DID WRONG Although they regularly reviewed anti-virus logs, IT staff did not regularly update anti-virus program and system security patches.
  • 11. WHAT THE BUSINESS DID WRONG In addition, the credit card processing environment was not segmented away from routine Internet traffic. Internet Firewall Wireless Device Network Switch Terminal Office Computer Printer Mobile Hotspot
  • 12. www.securitymetrics.com Wenlock Free VP Business Development wfree@securitymetrics.com

Notes de l'éditeur

  1. The Payment Card Industry Security Standards Council (PCI SSC) was created by the major card brands (MasterCard Worldwide, Discover Financial Services, American Express, JCB International, and Visa Inc.). The PCI Council then created the Payment Card Industry Data Security Standard (PCI DSS) to reduce payment card theft and electronic data loss. What is the PCI DSS? The PCI DSS is a list of twelve card-handling practices merchants must follow to accept payment cards. This standard details how to securely handle, process, and store sensitive payment card data. Who is required to comply with PCI DSS? All merchants that accept Visa, MasterCard, Discover, AMEX, or JCB are required to comply with the PCI DSS.
  2. The Payment Card Industry Security Standards Council (PCI SSC) was created by the major card brands (MasterCard Worldwide, Discover Financial Services, American Express, JCB International, and Visa Inc.). The PCI Council then created the Payment Card Industry Data Security Standard (PCI DSS) to reduce payment card theft and electronic data loss. What is the PCI DSS? The PCI DSS is a list of twelve card-handling practices merchants must follow to accept payment cards. This standard details how to securely handle, process, and store sensitive payment card data. Who is required to comply with PCI DSS? All merchants that accept Visa, MasterCard, Discover, AMEX, or JCB are required to comply with the PCI DSS.
  3. The Payment Card Industry Security Standards Council (PCI SSC) was created by the major card brands (MasterCard Worldwide, Discover Financial Services, American Express, JCB International, and Visa Inc.). The PCI Council then created the Payment Card Industry Data Security Standard (PCI DSS) to reduce payment card theft and electronic data loss. What is the PCI DSS? The PCI DSS is a list of twelve card-handling practices merchants must follow to accept payment cards. This standard details how to securely handle, process, and store sensitive payment card data. Who is required to comply with PCI DSS? All merchants that accept Visa, MasterCard, Discover, AMEX, or JCB are required to comply with the PCI DSS.