SlideShare une entreprise Scribd logo

Root conf Digital Skimming

A
Arjun BM

Digital Skimming

Technologie
1  sur  11
Télécharger pour lire hors ligne
- ARJUN B.M. The Art of Exfiltration DIGITAL SKIMMING
The Nation Wants To Know… WHAT 17000 domains compromised WHEN July 2019 WHO Cybercriminals (using Magecart technique) WHY Misconfigured Amazon S3 buckets. Financial gain HOW JavaScript-based payment card-skimming code is over- written on existing JavaScript files on the bucket
The Red Wedding – GoT Analogy
Outline • Context and Introduction • Threat Actors and Modus Operandi • Challenges and Countermeasures
Context & Introduction to Digital Skimming • Drivers and motivators for attacks on e-commerce sites • Magecart & The “What” of Digital Skimming • Big names: FILA, British Airways, Feedify
Threat Actors & Modus Operandi • The “How” of Digital Skimming • Attack Vectors : Patterns & Signatures • Post attack proceedings and operations
Underground Supply Chain Ref: "Inside Magecart" report by RiskIQ
Anatomy of a Digital Skimmer
Challenges & Countermeasures Challenges • Lack of visibility • Dependency on third parties • Diversity of attack types • Detection is difficult Countermeasures • JavaScript Controls • Website Configuration Settings • Hardening Procedures • Process & Policy
Conclusion • Build defenses against known attack patterns and watch out for the unknown • Collaborative sharing between impacted organizations, security researchers and law enforcement
Thank you

Recommandé

IoT Security RoundTable - March 2018
IoT Security RoundTable - March 2018IoT Security RoundTable - March 2018
IoT Security RoundTable - March 2018Whiteboard Venture Partners
 
Investing in Cybersecurity, 2020 outlook for Mexico
Investing in Cybersecurity, 2020 outlook for MexicoInvesting in Cybersecurity, 2020 outlook for Mexico
Investing in Cybersecurity, 2020 outlook for MexicoWhiteboard Venture Partners
 
Root conf digitalskimming-v2_arjunbm
Root conf digitalskimming-v2_arjunbmRoot conf digitalskimming-v2_arjunbm
Root conf digitalskimming-v2_arjunbmArjun BM
 
Root conf digitalskimming-v3
Root conf digitalskimming-v3Root conf digitalskimming-v3
Root conf digitalskimming-v3Arjun BM
 
Root conf digitalskimming-v4_arjunbm
Root conf digitalskimming-v4_arjunbmRoot conf digitalskimming-v4_arjunbm
Root conf digitalskimming-v4_arjunbmArjun BM
 
Digital skimming root_conf_ppt
Digital skimming root_conf_pptDigital skimming root_conf_ppt
Digital skimming root_conf_pptArjun BM
 
Data Leakage Prevention - K. K. Mookhey
Data Leakage Prevention - K. K. MookheyData Leakage Prevention - K. K. Mookhey
Data Leakage Prevention - K. K. MookheyNetwork Intelligence India
 
2019 Cybersecurity Threats & Trends: The Chart Toppers & One-hit Wonders
2019 Cybersecurity Threats & Trends: The Chart Toppers & One-hit Wonders2019 Cybersecurity Threats & Trends: The Chart Toppers & One-hit Wonders
2019 Cybersecurity Threats & Trends: The Chart Toppers & One-hit WondersInternetwork Engineering (IE)
 

Recommandé

IoT Security RoundTable - March 2018
IoT Security RoundTable - March 2018IoT Security RoundTable - March 2018
IoT Security RoundTable - March 2018Whiteboard Venture Partners
 
Investing in Cybersecurity, 2020 outlook for Mexico
Investing in Cybersecurity, 2020 outlook for MexicoInvesting in Cybersecurity, 2020 outlook for Mexico
Investing in Cybersecurity, 2020 outlook for MexicoWhiteboard Venture Partners
 
Root conf digitalskimming-v2_arjunbm
Root conf digitalskimming-v2_arjunbmRoot conf digitalskimming-v2_arjunbm
Root conf digitalskimming-v2_arjunbmArjun BM
 
Root conf digitalskimming-v3
Root conf digitalskimming-v3Root conf digitalskimming-v3
Root conf digitalskimming-v3Arjun BM
 
Root conf digitalskimming-v4_arjunbm
Root conf digitalskimming-v4_arjunbmRoot conf digitalskimming-v4_arjunbm
Root conf digitalskimming-v4_arjunbmArjun BM
 
Digital skimming root_conf_ppt
Digital skimming root_conf_pptDigital skimming root_conf_ppt
Digital skimming root_conf_pptArjun BM
 
Data Leakage Prevention - K. K. Mookhey
Data Leakage Prevention - K. K. MookheyData Leakage Prevention - K. K. Mookhey
Data Leakage Prevention - K. K. MookheyNetwork Intelligence India
 
2019 Cybersecurity Threats & Trends: The Chart Toppers & One-hit Wonders
2019 Cybersecurity Threats & Trends: The Chart Toppers & One-hit Wonders2019 Cybersecurity Threats & Trends: The Chart Toppers & One-hit Wonders
2019 Cybersecurity Threats & Trends: The Chart Toppers & One-hit WondersInternetwork Engineering (IE)
 
Websecurity fundamentals for beginners
Websecurity fundamentals for beginnersWebsecurity fundamentals for beginners
Websecurity fundamentals for beginnersSamvel Gevorgyan
 
API Scraping. How to protect your API against something that is not necessar...
API Scraping. How to protect your API against something that is not necessar...API Scraping. How to protect your API against something that is not necessar...
API Scraping. How to protect your API against something that is not necessar...Artem Demchenkov
 
Ciberseguridad en el mundo de la IA
Ciberseguridad en el mundo de la IACiberseguridad en el mundo de la IA
Ciberseguridad en el mundo de la IACristian Garcia G.
 
Protecting Autonomous Vehicles and Connected Services with Software Defined P...
Protecting Autonomous Vehicles and Connected Services with Software Defined P...Protecting Autonomous Vehicles and Connected Services with Software Defined P...
Protecting Autonomous Vehicles and Connected Services with Software Defined P...Mahbubul Alam
 
Detect Fraud Successfully with GrabDefence! | Muqi Li, Grab
Detect Fraud Successfully with GrabDefence! | Muqi Li, GrabDetect Fraud Successfully with GrabDefence! | Muqi Li, Grab
Detect Fraud Successfully with GrabDefence! | Muqi Li, GrabHostedbyConfluent
 
Year of the AppSec Breach_Forrester
Year of the AppSec Breach_ForresterYear of the AppSec Breach_Forrester
Year of the AppSec Breach_ForresterJessica Lavery Pozerski
 
Who is the next target proactive approaches to data security
Who is the next target proactive approaches to data securityWho is the next target proactive approaches to data security
Who is the next target proactive approaches to data securityUlf Mattsson
 
Tech Refresh - Ambient Computing and the IT "new normal"
Tech Refresh - Ambient Computing and the IT "new normal"Tech Refresh - Ambient Computing and the IT "new normal"
Tech Refresh - Ambient Computing and the IT "new normal"CompTIA
 
Bigdata based fraud detection
Bigdata based fraud detectionBigdata based fraud detection
Bigdata based fraud detectionMk Kim
 
What is Blockchain and How Can It Change the Game for Financial Institutions?
What is Blockchain and How Can It Change the Game for Financial Institutions?What is Blockchain and How Can It Change the Game for Financial Institutions?
What is Blockchain and How Can It Change the Game for Financial Institutions?Colleen Beck-Domanico
 
Compromised e commerce_sites_lead_to_web-based_keyloggers
Compromised e commerce_sites_lead_to_web-based_keyloggersCompromised e commerce_sites_lead_to_web-based_keyloggers
Compromised e commerce_sites_lead_to_web-based_keyloggersAndrey Apuhtin
 
Cyber security series Application Security
Cyber security series Application SecurityCyber security series Application Security
Cyber security series Application SecurityJim Kaplan CIA CFE
 
Mapping Data Flows Across Apps, Microservices & APIs
Mapping Data Flows Across Apps, Microservices & APIsMapping Data Flows Across Apps, Microservices & APIs
Mapping Data Flows Across Apps, Microservices & APIsDevOps.com
 
Practical risk management for the multi cloud
Practical risk management for the multi cloudPractical risk management for the multi cloud
Practical risk management for the multi cloudUlf Mattsson
 
CCPA (California Consumer Privacy Act) Tips For Software Developers and Managers
CCPA (California Consumer Privacy Act) Tips For Software Developers and ManagersCCPA (California Consumer Privacy Act) Tips For Software Developers and Managers
CCPA (California Consumer Privacy Act) Tips For Software Developers and ManagersAdam Sbeta
 
Countering Cyber Threats By Monitoring “Normal” Website Behavior
Countering Cyber Threats By Monitoring “Normal” Website BehaviorCountering Cyber Threats By Monitoring “Normal” Website Behavior
Countering Cyber Threats By Monitoring “Normal” Website BehaviorEMC
 
Intellect's Global Transaction Banking
Intellect's Global Transaction BankingIntellect's Global Transaction Banking
Intellect's Global Transaction BankingIntellect Design Arena .
 
Behavioral Analytics for Preventing Fraud Today and Tomorrow
Behavioral Analytics for Preventing Fraud Today and TomorrowBehavioral Analytics for Preventing Fraud Today and Tomorrow
Behavioral Analytics for Preventing Fraud Today and TomorrowGuardian Analytics
 
DTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioDTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioShah Sheikh
 
Evolutionary ATM & Cyber Security - Selex ES - Angeloluca Barba
Evolutionary ATM & Cyber Security - Selex ES - Angeloluca BarbaEvolutionary ATM & Cyber Security - Selex ES - Angeloluca Barba
Evolutionary ATM & Cyber Security - Selex ES - Angeloluca BarbaAngeloluca Barba
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 

Contenu connexe

Similaire à Root conf Digital Skimming

Websecurity fundamentals for beginners
Websecurity fundamentals for beginnersWebsecurity fundamentals for beginners
Websecurity fundamentals for beginnersSamvel Gevorgyan
 
API Scraping. How to protect your API against something that is not necessar...
API Scraping. How to protect your API against something that is not necessar...API Scraping. How to protect your API against something that is not necessar...
API Scraping. How to protect your API against something that is not necessar...Artem Demchenkov
 
Ciberseguridad en el mundo de la IA
Ciberseguridad en el mundo de la IACiberseguridad en el mundo de la IA
Ciberseguridad en el mundo de la IACristian Garcia G.
 
Protecting Autonomous Vehicles and Connected Services with Software Defined P...
Protecting Autonomous Vehicles and Connected Services with Software Defined P...Protecting Autonomous Vehicles and Connected Services with Software Defined P...
Protecting Autonomous Vehicles and Connected Services with Software Defined P...Mahbubul Alam
 
Detect Fraud Successfully with GrabDefence! | Muqi Li, Grab
Detect Fraud Successfully with GrabDefence! | Muqi Li, GrabDetect Fraud Successfully with GrabDefence! | Muqi Li, Grab
Detect Fraud Successfully with GrabDefence! | Muqi Li, GrabHostedbyConfluent
 
Who is the next target proactive approaches to data security
Who is the next target proactive approaches to data securityWho is the next target proactive approaches to data security
Who is the next target proactive approaches to data securityUlf Mattsson
 
Tech Refresh - Ambient Computing and the IT "new normal"
Tech Refresh - Ambient Computing and the IT "new normal"Tech Refresh - Ambient Computing and the IT "new normal"
Tech Refresh - Ambient Computing and the IT "new normal"CompTIA
 
Bigdata based fraud detection
Bigdata based fraud detectionBigdata based fraud detection
Bigdata based fraud detectionMk Kim
 
What is Blockchain and How Can It Change the Game for Financial Institutions?
What is Blockchain and How Can It Change the Game for Financial Institutions?What is Blockchain and How Can It Change the Game for Financial Institutions?
What is Blockchain and How Can It Change the Game for Financial Institutions?Colleen Beck-Domanico
 
Compromised e commerce_sites_lead_to_web-based_keyloggers
Compromised e commerce_sites_lead_to_web-based_keyloggersCompromised e commerce_sites_lead_to_web-based_keyloggers
Compromised e commerce_sites_lead_to_web-based_keyloggersAndrey Apuhtin
 
Cyber security series Application Security
Cyber security series Application SecurityCyber security series Application Security
Cyber security series Application SecurityJim Kaplan CIA CFE
 
Mapping Data Flows Across Apps, Microservices & APIs
Mapping Data Flows Across Apps, Microservices & APIsMapping Data Flows Across Apps, Microservices & APIs
Mapping Data Flows Across Apps, Microservices & APIsDevOps.com
 
Practical risk management for the multi cloud
Practical risk management for the multi cloudPractical risk management for the multi cloud
Practical risk management for the multi cloudUlf Mattsson
 
CCPA (California Consumer Privacy Act) Tips For Software Developers and Managers
CCPA (California Consumer Privacy Act) Tips For Software Developers and ManagersCCPA (California Consumer Privacy Act) Tips For Software Developers and Managers
CCPA (California Consumer Privacy Act) Tips For Software Developers and ManagersAdam Sbeta
 
Countering Cyber Threats By Monitoring “Normal” Website Behavior
Countering Cyber Threats By Monitoring “Normal” Website BehaviorCountering Cyber Threats By Monitoring “Normal” Website Behavior
Countering Cyber Threats By Monitoring “Normal” Website BehaviorEMC
 
Behavioral Analytics for Preventing Fraud Today and Tomorrow
Behavioral Analytics for Preventing Fraud Today and TomorrowBehavioral Analytics for Preventing Fraud Today and Tomorrow
Behavioral Analytics for Preventing Fraud Today and TomorrowGuardian Analytics
 
DTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioDTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioShah Sheikh
 
Evolutionary ATM & Cyber Security - Selex ES - Angeloluca Barba
Evolutionary ATM & Cyber Security - Selex ES - Angeloluca BarbaEvolutionary ATM & Cyber Security - Selex ES - Angeloluca Barba
Evolutionary ATM & Cyber Security - Selex ES - Angeloluca BarbaAngeloluca Barba
 

Similaire à Root conf Digital Skimming (20)

Websecurity fundamentals for beginners
Websecurity fundamentals for beginnersWebsecurity fundamentals for beginners
Websecurity fundamentals for beginners
 
API Scraping. How to protect your API against something that is not necessar...
API Scraping. How to protect your API against something that is not necessar...API Scraping. How to protect your API against something that is not necessar...
API Scraping. How to protect your API against something that is not necessar...
 
Ciberseguridad en el mundo de la IA
Ciberseguridad en el mundo de la IACiberseguridad en el mundo de la IA
Ciberseguridad en el mundo de la IA
 
Protecting Autonomous Vehicles and Connected Services with Software Defined P...
Protecting Autonomous Vehicles and Connected Services with Software Defined P...Protecting Autonomous Vehicles and Connected Services with Software Defined P...
Protecting Autonomous Vehicles and Connected Services with Software Defined P...
 
Detect Fraud Successfully with GrabDefence! | Muqi Li, Grab
Detect Fraud Successfully with GrabDefence! | Muqi Li, GrabDetect Fraud Successfully with GrabDefence! | Muqi Li, Grab
Detect Fraud Successfully with GrabDefence! | Muqi Li, Grab
 
Year of the AppSec Breach_Forrester
Year of the AppSec Breach_ForresterYear of the AppSec Breach_Forrester
Year of the AppSec Breach_Forrester
 
Who is the next target proactive approaches to data security
Who is the next target proactive approaches to data securityWho is the next target proactive approaches to data security
Who is the next target proactive approaches to data security
 
Tech Refresh - Ambient Computing and the IT "new normal"
Tech Refresh - Ambient Computing and the IT "new normal"Tech Refresh - Ambient Computing and the IT "new normal"
Tech Refresh - Ambient Computing and the IT "new normal"
 
Bigdata based fraud detection
Bigdata based fraud detectionBigdata based fraud detection
Bigdata based fraud detection
 
What is Blockchain and How Can It Change the Game for Financial Institutions?
What is Blockchain and How Can It Change the Game for Financial Institutions?What is Blockchain and How Can It Change the Game for Financial Institutions?
What is Blockchain and How Can It Change the Game for Financial Institutions?
 
Compromised e commerce_sites_lead_to_web-based_keyloggers
Compromised e commerce_sites_lead_to_web-based_keyloggersCompromised e commerce_sites_lead_to_web-based_keyloggers
Compromised e commerce_sites_lead_to_web-based_keyloggers
 
Cyber security series Application Security
Cyber security series Application SecurityCyber security series Application Security
Cyber security series Application Security
 
Mapping Data Flows Across Apps, Microservices & APIs
Mapping Data Flows Across Apps, Microservices & APIsMapping Data Flows Across Apps, Microservices & APIs
Mapping Data Flows Across Apps, Microservices & APIs
 
Practical risk management for the multi cloud
Practical risk management for the multi cloudPractical risk management for the multi cloud
Practical risk management for the multi cloud
 
CCPA (California Consumer Privacy Act) Tips For Software Developers and Managers
CCPA (California Consumer Privacy Act) Tips For Software Developers and ManagersCCPA (California Consumer Privacy Act) Tips For Software Developers and Managers
CCPA (California Consumer Privacy Act) Tips For Software Developers and Managers
 
Countering Cyber Threats By Monitoring “Normal” Website Behavior
Countering Cyber Threats By Monitoring “Normal” Website BehaviorCountering Cyber Threats By Monitoring “Normal” Website Behavior
Countering Cyber Threats By Monitoring “Normal” Website Behavior
 
Intellect's Global Transaction Banking
Intellect's Global Transaction BankingIntellect's Global Transaction Banking
Intellect's Global Transaction Banking
 
Behavioral Analytics for Preventing Fraud Today and Tomorrow
Behavioral Analytics for Preventing Fraud Today and TomorrowBehavioral Analytics for Preventing Fraud Today and Tomorrow
Behavioral Analytics for Preventing Fraud Today and Tomorrow
 
DTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services PortfolioDTS Solution - Cyber Security Services Portfolio
DTS Solution - Cyber Security Services Portfolio
 
Evolutionary ATM & Cyber Security - Selex ES - Angeloluca Barba
Evolutionary ATM & Cyber Security - Selex ES - Angeloluca BarbaEvolutionary ATM & Cyber Security - Selex ES - Angeloluca Barba
Evolutionary ATM & Cyber Security - Selex ES - Angeloluca Barba
 

Dernier

Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...HostedbyConfluent
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 

Dernier (20)

Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Pigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping ElbowsPigging Solutions Piggable Sweeping Elbows
Pigging Solutions Piggable Sweeping Elbows
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 

Root conf Digital Skimming

  • 1. - ARJUN B.M. The Art of Exfiltration DIGITAL SKIMMING
  • 2. The Nation Wants To Know… WHAT 17000 domains compromised WHEN July 2019 WHO Cybercriminals (using Magecart technique) WHY Misconfigured Amazon S3 buckets. Financial gain HOW JavaScript-based payment card-skimming code is over- written on existing JavaScript files on the bucket
  • 3. The Red Wedding – GoT Analogy
  • 4. Outline • Context and Introduction • Threat Actors and Modus Operandi • Challenges and Countermeasures
  • 5. Context & Introduction to Digital Skimming • Drivers and motivators for attacks on e-commerce sites • Magecart & The “What” of Digital Skimming • Big names: FILA, British Airways, Feedify
  • 6. Threat Actors & Modus Operandi • The “How” of Digital Skimming • Attack Vectors : Patterns & Signatures • Post attack proceedings and operations
  • 7. Underground Supply Chain Ref: "Inside Magecart" report by RiskIQ
  • 8. Anatomy of a Digital Skimmer
  • 9. Challenges & Countermeasures Challenges • Lack of visibility • Dependency on third parties • Diversity of attack types • Detection is difficult Countermeasures • JavaScript Controls • Website Configuration Settings • Hardening Procedures • Process & Policy
  • 10. Conclusion • Build defenses against known attack patterns and watch out for the unknown • Collaborative sharing between impacted organizations, security researchers and law enforcement