2. BUSINESS BACKGROUND
All sites are connected to the same card processing environment.
A small retailer operates one main store, multiple satellite stores, and two corporate offices.
3. BUSINESS BACKGROUND
During a routine anti-virus log review, an in-house IT staff member finds the Sirefef rootkit at a satellite store.
4. WHAT IS A ROOTKIT?
A rootkit is a type of malicious software activated each time a system boots up.
Rootkits are difficult to detect because they reside at the system's kernel level and are activated before the operating system has completely booted.
5. HOW HACKERS GOT IN
Attackers compromised the credentials for the remote access application, LogMeIn.
They installed Sirefef, a sophisticated rootkit that can send spam or capture sensitive information such as passwords or credit card data.
6. FORENSIC INVESTIGATOR FINDINGS
The investigator finds that the Sirefef rootkit did not actually steal customer credit cards.
Further investigation revealed a memory scraper called Alina (installed by the same hacker), designed specifically to capture payment information from POS terminals.
7. WHAT IS A MEMORY SCRAPER?
A memory scraper is designed to capture, or 'scrape', sensitive information from system memory (RAM) and return it to the attacker.
The Alina memory scraper can morph into newer versions to avoid detection, or automatically reinstall itself in a different location if deleted.
8. WHAT THE BUSINESS DID WRONG
The retailer didn't employ two-factor authentication to secure remote access into its main store, satellite stores, and corporate offices.
9. WHAT’S TWO-FACTOR AUTHENTICATION?
Two-factor authentication is an extra layer of security that requires not only a username and password but also something only the user has or is (e.g., a fingerprint).
10. WHAT THE BUSINESS DID WRONG
Although IT staff regularly reviewed anti-virus logs, they did not regularly update the anti-virus program or apply system security patches.
11. WHAT THE BUSINESS DID WRONG
In addition, the credit card processing environment was not segmented away from routine Internet traffic.
[Network diagram: Internet, Firewall, Wireless Device, Network Switch; Terminal, Office Computer, Printer and Mobile Hotspot on the same switch]
The Payment Card Industry Security Standards Council (PCI SSC) was created by the major card brands (MasterCard Worldwide, Discover Financial Services, American Express, JCB International, and Visa Inc.). The PCI Council then created the Payment Card Industry Data Security Standard (PCI DSS) to reduce payment card theft and electronic data loss.
What is the PCI DSS?
The PCI DSS is a list of twelve card-handling practices merchants must follow to accept payment cards. This standard details how to securely handle, process, and store sensitive payment card data.
Who is required to comply with PCI DSS?
All merchants that accept Visa, MasterCard, Discover, AMEX, or JCB are required to comply with the PCI DSS.