What do you as a consumer need to know about all the company breaches? Malware Archaeology LOG-MD

1. With all the breaches
What YOU need to know
Michael Gough – Co-Founder
MalwareArchaeology.com
IMFSecurity.com
LOG-MD.com

2. Who am I
• Blue Team Defender Ninja, Incident Responders, Malware
Archaeologist
• I help people recover from breaches, evaluate malware
• Co-Creator of “Log-MD” – The Log and Malicious Discovery Tool
Podcast - “Brakeing Down Incident Response”
LOG-MD.com

3. Where to find me
• Twitter - @HackerHurricane
• Blog – HackerHurricane.com
• Website
– MalwareArchaeology.com
• Windows Incident Response Tool
– LOG-MD.com
LOG-MD.com

4. Why we here?
LOG-MD.com

5. You’re Next
97,000 76 Mil + 8 Mil
1000+ Businesses395 Stores
4.5 Million
25,000
4.9 Million
4.03 Million
105k trans
40 Million
40+70 Million
$148 Mil
33 locations
650k - 2010
??????
76,000
670,000
1900 locations
145 Million
20,000
3 Million
35,000
60,000 alerts
990,000
56 Mil
550,000
TBD
Citigroup, E*Trade Financial Corp.,
Regions Financial Crop, HSBC
Holdings and ADP
??????

6. Yup, our Personal Info is gone
MalwareArchaeology.com

7. ATM Fraud via Malware
LOG-MD.com

8. Malware focuses on one main OS
LOG-MD.com

9. MAC Malware
• So get a MAC
• 90+% less chance of
getting malware
• MUCH safer to use
• Than Windows
• Stats do not lie
LOG-MD.com

10. Debit Card Fraud
LOG-MD.com

11. Debit Cards
• They are a REALLY bad idea these days
• With fraud so high, your checking account is at
risk
• Remember the movie ‘Catch me if you can’?
LOG-MD.com

12. Debit Cards
• Use it at ONE place and ONE place only !!!
– The Grocery Store
• You can pay for food AND get cash, so it is an
ATM too
• Use the SAME chain when traveling
• Then if it gets compromised you know
EXACTLY where
LOG-MD.com

13. Credit Cards
• They are insured
• No risk to you
• 30 days or so until you have to pay your bill
• Debit Cards are taken directly out of your
checking account
• It is always better to use someone else's $$$
before yours
LOG-MD.com

14. Shredding
• People do not do enough of this
• It is cheap and easy
• Shred your stuff
• Even Frank says so
• Don’t throw away
mail, shred it !
LOG-MD.com

15. Credit Monitoring
LOG-MD.com
I’m a Security
Monitor… You
are being robbed

16. Credit Monitoring
• It let’s you know something has occurred
• Usually way too late for you to do anything
about it
• 10 days was my experience when I unfroze my
credit to buy our property here in Salado
• We already closed the deal before I was
notified
• It is NOT worth the money… unless FREE
LOG-MD.com

17. Credit Freeze – Your BEST Friend
• There are FIVE (5) agencies
– Bet you thought there were only 3
• Equifax
• Experian
• Trans Union
• Innovis
• NCTUE (Telco’s) – Serviced by Equifax
LOG-MD.com

18. How to Place a Freeze
• Equifax
– https://help.equifax.com/s/article/What-are-the-security-
freeze-fees-in-my-state
• Experian
– https://www.experian.com/freeze/center.html
• Trans Union
– https://www.transunion.com/credit-freeze
• Innovis
– https://www.innovis.com/personal/securityFreeze
• NCTUE
– 1-866-349-5355
LOG-MD.com

19. Credit Freeze
• Security researcher and author Brian Krebs
does more research on this subject than
anyone
• https://krebsonsecurity.com/2015/06/how-i-
learned-to-stop-worrying-and-embrace-the-
security-freeze/
• You can see articles on ATM skimmers and
other credit card fraud
LOG-MD.com

20. Credit Offers
• Placing a security alert at ChexSystems, which
is used by thousands of banks to verify
customers that are requesting new checking
and savings accounts. In addition, consumers
can opt out of pre-approved credit offers by
calling 1-888-5-OPT-OUT (1-888-567-8688), or
visit optoutprescreen.com
LOG-MD.com

21. Salary History
• How to Opt Out of Equifax Revealing Your Salary
History
• To place a security freeze on your The Work Number
employment report, send
your request via mail to:
• TALX Corporation
ATTN: Employment Data Report Dept 19-10
11432 Lackland Road
St. Louis, Missouri 63146
• Or, you may contact them at
http://www.theworknumber.com
• or call 800-996-7566.
LOG-MD.com

22. RoboCalls
• They are annoying
• Your Cell provider offers a service for around
$3/mo.
• There are apps for your phone too, also
around $3/mo.
• It is about all you can do until Congress
changes the law
– So send them an email and/or call them
LOG-MD.com

23. Email.. Is EVIL
• Please learn NOT to open attachments
• Or click on Links/URLs in emails
LOG-MD.com

24. Passwords
• Use a Password Manager
• LastPass is my favorite
• DON’T REUSE PASSWORDS
• Different for every website
LOG-MD.com

25. Two-Factor - MFA
• Anywhere you can USE IT !!!
• It is an App on your phone that provides an
expiring token every minute that you enter in
websites or applications that support it
• Even if you password is stolen, if you are using
2-Factor then they would need your phone to
get the tokens
• Google Authenticator for LastPass is awesome
LOG-MD.com

26. Questions
• You can find us on the Twitters
– @HackerHurricane
– @Boettcherpwned
• LOG-MD.com
• MalwareArchaeology.com
• Preso will be on SlideShare and linked on
MalwareArchaeology.com
• Listen to the BDIR PodCast to hear more on email phishing
– BDIRPodcast.com
LOG-MD.com