Silas Cutler: Sr. Security Researcher
The Shifting Landscape of PoS Malware
INTRO
2015 CrowdStrike, Inc. All rights reserved.
Current
•CrowdStrike - Sr. Security Researcher
•Malshare
•Project 25499
•RIT Honeynet Project
Contact
•Twitter : @SilasCutler / @CrowdStrike
•Email : Silas.Cutler@Gmail.com / Silas.Cutler@CrowdStrike.com
AGENDA
1. Technical Overview
2. Rise of the Commodity Brands
3. Targeted Breaches
4. Looking Forward
5. Questions
Introduction PoS Malware
• Malware designed to steal credit card data from Point-of-Sale (PoS) terminals
• PoS terminals:
  • Out-of-date software
  • Limited technical support
  • Appliance mentality: plug it in and replace it when it breaks
2014 Breaches - Short List
Sally Beauty
Michaels
Goodwill
Dairy Queen
UPS
SuperValu
Home Depot
Staples
Neiman Marcus
Bebe
Kmart
Albertsons
Jimmy Johns
P.F. Chang’s
Shaw’s and Star Market
…
Introduction PoS Malware
• Cards sold in online marketplaces, often in bulk
• Payment: Perfect Money / Bitcoin / WebMoney / etc.
• Cards:
  • US credit/debit: $20 each
  • UK credit/debit: $35 each
• Bank logins (BoA):
  • Balance > $3k = $100
  • Balance > $11k = $300
• Cash-out schemes / mules / sellers and buyers
Technical Overview
MAGNETIC STRIPES
%B6011898748579348^DOE/ JOHN^37829821000123000789?
;6011898748579348=1412101110000000000?*
;011234567890123445=724724100000000000030300XXXX040400099010=******==1=0000000000000000?*
ISO/IEC 7813 and ISO/IEC 4909:2006
• ISO/IEC 7813 defines the standard format for Track 1 and Track 2 data on payment cards (the first two lines above); ISO/IEC 4909:2006 defines Track 3 (the third line)
TRACK DATA
Track 1: %B6011898748579348^DOE/ JOHN^14121011000000000000001230000?*
Track 2: ;6011898748579348=1412101110000000000?*
Index:
• % / ; – Start Sentinel (Track 1 / Track 2)
• B – Format Code (Track 1 only)
• 6011898748579348 – Primary Account Number (PAN)
• ^ / = – Field Separator (Track 1 / Track 2)
• DOE/ JOHN – Cardholder name (Track 1 only)
• 1412 – Expiration Date, YYMM (December 2014)
• 101 – Service Code
• 1100… – Discretionary data: PIN verification key indicator and PIN verification value (PVKI/PVV, a value derived from the PIN, not an encrypted PIN) and, in Track 1 here, the CVV (123)
• ? – End Sentinel
MEMORY SCRAPING
1. Enumerate processes – CreateToolhelp32Snapshot() / Process32Next()
2. Open and read process memory – OpenProcess() / VirtualQueryEx() / ReadProcessMemory()
3. Search the memory for track data
4. Validate candidates
   – Luhn algorithm / mod 10
   – Expiration date check
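Steps 3 and 4 of the pipeline above, and the track layout from the TRACK DATA slide, as an added example that is not code from the deck. It runs the search-and-validate logic over a constructed byte buffer standing in for a ReadProcessMemory() result rather than touching live process memory, which is also how a forensic tool or DLP scanner would sweep a memory dump. The regexes follow the ISO/IEC 7813 Track 1/2 layouts; the sample buffer, the TODAY date used for the expiry check and the first-6/last-4 masking are assumptions. One thing the slide does not show: the deck's own sample PAN 6011898748579348 does not pass the Luhn check, so a scraper's validation step would throw it away; the accepted cases below use well-known Luhn-valid test PANs instead.

```python
"""Search -> validate pipeline of a PoS memory scraper, run over a
constructed byte buffer instead of live process memory (added example)."""
import re
from datetime import date
from typing import Dict, List

# ISO/IEC 7813 Track 1 and Track 2 layouts: start sentinel, PAN of 13-19
# digits, (Track 1 only) format code and cardholder name, YYMM expiry,
# 3-digit service code, issuer discretionary data, '?' end sentinel.
TRACK1_RE = re.compile(rb"%B(\d{13,19})\^([^^?]{2,26})\^(\d{4})(\d{3})([^?]{0,40})\?")
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})([^?]{0,40})\?")

# Assumed "current date" for the expiry check (the deck is from 2015).
TODAY = date(2015, 6, 1)


def luhn_ok(pan: str) -> bool:
    """Mod-10 check: double every second digit from the right, fold
    two-digit products (18 -> 9), and require the sum to end in 0."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def not_expired(yymm: str, today: date = TODAY) -> bool:
    """Expiry is YYMM; the card stays valid through the end of that month."""
    yy, mm = int(yymm[:2]), int(yymm[2:])
    return 1 <= mm <= 12 and (2000 + yy, mm) >= (today.year, today.month)


def scan(buf: bytes, today: date = TODAY) -> List[Dict[str, object]]:
    """Every track-shaped match in buf, with the verdict a scraper would give it."""
    found: List[Dict[str, object]] = []
    for track, rx in (("track1", TRACK1_RE), ("track2", TRACK2_RE)):
        for m in rx.finditer(buf):
            pan = m.group(1).decode()
            # Track 1 carries the name as group 2, so expiry/service code shift by one.
            exp, svc = (m.group(3), m.group(4)) if track == "track1" else (m.group(2), m.group(3))
            exp, svc = exp.decode(), svc.decode()
            if not luhn_ok(pan):
                verdict = "rejected: luhn"
            elif not not_expired(exp, today):
                verdict = "rejected: expired"
            else:
                verdict = "accepted"
            found.append({"track": track, "offset": m.start(), "pan": pan,
                          "exp": exp, "service_code": svc, "verdict": verdict})
    return found


def harvested(buf: bytes, today: date = TODAY) -> List[str]:
    """PANs that survive validation, masked to first 6 / last 4 digits."""
    out: List[str] = []
    for h in scan(buf, today):
        if h["verdict"] == "accepted":
            pan = str(h["pan"])
            out.append(pan[:6] + "*" * (len(pan) - 10) + pan[-4:])
    return out


# Constructed stand-in for a slice of PoS process memory: two live cards
# (well-known Luhn-valid test PANs), an expired Luhn-valid card, the deck's
# own sample (which fails Luhn), and surrounding junk bytes.
MEMORY_SAMPLE = (
    b"\x00\x00RegisterTxn\x00"
    b";4111111111111111=1712101123456789?"              # valid Track 2
    b"\x90\x90junk\x00"
    b"%B6011111111111117^DOE/JANE^17121011234567890?"   # valid Track 1
    b"\x00"
    b";5555555555554444=1212101000000000?"              # Luhn-valid, expired Dec 2012
    b"\x00"
    b";6011898748579348=1412101110000000000?"           # deck's sample: fails Luhn
    b"\x00\x00"
)

if __name__ == "__main__":
    for hit in scan(MEMORY_SAMPLE):
        print(hit)
    print("harvested:", harvested(MEMORY_SAMPLE))
```

The two validation steps exist because sentinel-delimited digit runs are common in memory; Luhn removes most false positives cheaply, and the expiry check removes stale records that would not be worth selling. The same two filters make a good first pass when triaging a memory image from a suspected register.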
Rise of the Commodity
Commodity PoS Malware
• Highlights
  • Off-the-shelf kits
  • Communicate via HTTP requests
  • Price < $1k
  • Source code for several is publicly available
• Names:
• Alina
• Dexter
• vSkimmer
• Backoff
• JackPoS
• POSCardStealer
ARCHITECTURE
[Diagram: control server <-> infected hosts]
• Traditional client/server architecture
  – Infected hosts beacon and send data to the control server
  – Replies from the server contain status / command instructions
• Communicates over HTTP requests
• Operator views bots via a web portal
  – Can send some basic commands
Spreading
• Brute-forcing remote management
  • User/password lists tailored for PoS systems
  • pcAnywhere
  • VNC
  • Remote Desktop
  • LogMeIn
• Phishing
• Vendor Targeting *
• Exploitation of Opportunity
Targeted Breaches
What makes it targeted
• [ Quality of Malware ] != Targeted
• Tailored options (implants designed to work in one infrastructure)
• Only targets specific PoS terminal types
• Logs to internal IP addresses
• Forensic countermeasures
• Limited client-side controls*
2014 Players
• FrameworkPoS
  • Called BlackPoS 2.0 by Trend Micro
  • Limited distribution
  • Exfiltration done over SMB shared drives
  • Hard-coded credentials
  • Contains links to anti-US websites
• Mozart PoS
  • Limited distribution
  • Specifically designed to work against Java-based PoS solutions
  • Designed to look like an NCR PoS remote-monitoring service
  • Contains links to anti-US websites
Case Study: Target
• Initial statement released 19 December 2013
• 40 million credit and debit cards stolen
• PII for up to 70 million individuals
• The statement said “criminals forced their way into our system, gaining access to guest credit and debit card information”
• Largest hack of a US retailer’s PoS infrastructure
Case Study: Target
• PoS infrastructure was directly targeted
• Malware used was Kaptoxa (mmon), part of the BlackPoS family, which traces back to 2010
• Malware pushed stolen data to an internal drop site
  • Used credentials to authenticate to an internal SMB file store
  • Initial access leveraged stolen HVAC vendor credentials
• Internal drop sites exfiltrated the data to an external FTP server
• Adversary may have known sensitive details about Target’s infrastructure
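The two-hop chain just described (registers write to an internal SMB drop site, the drop site speaks FTP to the outside) is what a defender should be able to see in flow or firewall logs, because neither hop is normal for a register or for an ordinary back-office host. The following is an added example, not code from the deck and not drawn from any report on the Target breach: it runs that correlation over constructed flow records. The subnet plan (registers in 10.10.0.0/16, one approved SMB share), the addresses, timestamps and byte counts are all assumptions; external addresses use RFC 5737 documentation ranges.

```python
"""Flow-record correlation for the two-hop exfiltration chain described
above: registers -> SMB (445) -> internal staging host -> FTP (21) ->
Internet. Added example with constructed data."""
from ipaddress import ip_address, ip_network
from typing import Dict, List, Set, Tuple

Flow = Tuple[str, str, str, int, int]   # timestamp, src, dst, dst_port, bytes

# Hypothetical network plan: registers in 10.10.0.0/16, all internal hosts
# in 10.0.0.0/8, and one approved file share a register may legitimately
# reach over SMB (e.g. a software-update server).
POS_NET = ip_network("10.10.0.0/16")
INTERNAL = ip_network("10.0.0.0/8")
SMB_ALLOWLIST = {ip_address("10.50.1.10")}

# Constructed flow records (external addresses are RFC 5737 documentation ranges).
FLOWS_RAW = """\
2013-11-30T02:01:11 10.10.4.21    10.50.1.10     445 4096
2013-11-30T02:05:02 10.10.4.21    10.116.240.31  445 1500000
2013-11-30T02:05:09 10.10.7.88    10.116.240.31  445 1200000
2013-11-30T02:06:44 10.10.9.13    10.116.240.31  445 900000
2013-11-30T02:30:00 10.116.240.31 203.0.113.45    21 3700000
2013-11-30T03:00:00 10.20.3.5     10.50.1.10     445 20000
2013-11-30T03:10:00 10.20.3.6     198.51.100.7   443 50000
"""


def parse_flows(raw: str) -> List[Flow]:
    flows: List[Flow] = []
    for line in raw.strip().splitlines():
        ts, src, dst, port, nbytes = line.split()
        flows.append((ts, src, dst, int(port), int(nbytes)))
    return flows


def suspicious_smb(flows: List[Flow]) -> List[Flow]:
    """Rule 1: a register speaking SMB to an internal host that is not an
    approved share. This is the hop where the scraper drops its loot."""
    return [f for f in flows
            if ip_address(f[1]) in POS_NET and f[3] == 445
            and ip_address(f[2]) in INTERNAL
            and ip_address(f[2]) not in SMB_ALLOWLIST]


def outbound_ftp(flows: List[Flow]) -> List[Flow]:
    """Rule 2: any internal host opening FTP to a non-internal address."""
    return [f for f in flows
            if ip_address(f[1]) in INTERNAL and f[3] == 21
            and ip_address(f[2]) not in INTERNAL]


def staging_hosts(flows: List[Flow]) -> Dict[str, Dict[str, object]]:
    """Correlate the two rules: a host that first received unexpected register
    SMB traffic and then spoke FTP to the outside is the probable drop site.
    Either rule alone fires on benign traffic; the sequence is the signal."""
    first_smb: Dict[str, str] = {}
    registers: Dict[str, Set[str]] = {}
    for ts, src, dst, _port, _n in suspicious_smb(flows):
        registers.setdefault(dst, set()).add(src)
        first_smb[dst] = min(first_smb.get(dst, ts), ts)   # ISO-8601 sorts chronologically
    result: Dict[str, Dict[str, object]] = {}
    for ts, src, dst, _port, nbytes in outbound_ftp(flows):
        if src in first_smb and first_smb[src] <= ts:
            result[src] = {"registers": sorted(registers[src]),
                           "ftp_dest": dst, "bytes_out": nbytes}
    return result


FLOWS = parse_flows(FLOWS_RAW)

if __name__ == "__main__":
    for host, info in staging_hosts(FLOWS).items():
        print(f"probable drop site {host}: {info}")
```

The allowlist is the important design choice: registers do need SMB to a small, known set of servers, so a rule that simply alerts on port 445 from the PoS segment drowns in update traffic, while a rule keyed on "not one of the approved shares" fires almost exclusively on the behaviour the slide describes.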
Looking Forward
Looking Forward
• October 2015 liability shift
  • “The party that has made investment in EMV deployment is protected from financial liability for card-present counterfeit fraud losses on this date. If neither or both parties are EMV compliant, the fraud liability remains the same as it is today.” [1]
• Tokenization of payment methods
  • iPay
  • Google Wallet
[1] http://www.emv-connection.com/emv-migration-driven-by-payment-brand-milestones/
QUESTIONS
YOU DON’T HAVE A MALWARE PROBLEM,
YOU HAVE AN ADVERSARY PROBLEM
valsad Escorts Service ☎️ 6378878445 ( Sakshi Sinha ) High Profile Call Girls...
 

The Shifting Landscape of PoS Malware

Silas Cutler: Sr. Security Researcher

INTRO
2015 CrowdStrike, Inc. All rights reserved.
Current
• CrowdStrike - Sr. Security Researcher
• Malshare
• Project 25499
• RIT Honeynet Project
Contact
• Twitter: @SilasCutler / @CrowdStrike
• Email: Silas.Cutler@Gmail.com / Silas.Cutler@CrowdStrike.com

AGENDA
1. Technical Overview
2. Rise of the Commodity Brands
3. Targeted Breaches
4. Looking Forward
5. Questions

Introduction: PoS Malware
• Malware designed to steal credit card data from Point-of-Sale (PoS) terminals
• PoS terminals
  – Out-of-date software
  – Limited technical support
  – Appliance mentality: plug it in and replace it when it breaks

2014 Breaches - Short List
Sally Beauty
Michaels
Goodwill
Dairy Queen
UPS
SuperValu
Home Depot
Staples
Neiman Marcus
Bebe
Kmart
Albertsons
Jimmy Johns
P.F. Chang's
Shaw's and Star Market
…

Introduction: PoS Malware
• Cards sold in online marketplaces, often in bulk
• Payment: Perfect Money / Bitcoin / WebMoney / etc.
• Cards:
  – US Credit/Debit: $20/each
  – UK Credit/Debit: $35/each
• Bank logins (BoA):
  – Balance > $3k = $100
  – Balance > $11k = $300
• Cash-out schemes / mules / sellers and buyers

Technical Overview

MAGNETIC STRIPES
%B6011898748579348^DOE/ JOHN^37829821000123000789?
;6011898748579348=1412101110000000000?*
;011234567890123445=724724100000000000030300XXXX040400099010=******==1=0000000000000000?*
ISO/IEC 4909:2006
• Defines the standard format for track data on credit cards

TRACK DATA
Track 1: %B6011898748579348^DOE/ JOHN^14121011000000000000001230000?*
Track 2: ;6011898748579348=1412101110000000000?*
Index:
• % – Start Sentinel
• B – Format Code
• 6011898748579348 – Card Number
• ^ – Field Separator
• DOE/ JOHN – Cardholder name
• 1412 – Expiration Date (2014 – Dec)
• 1100 – Encrypted PIN
• 123 – CVV Number
• ? – End Sentinel

MEMORY SCRAPING
1. Enumerates processes – CreateToolhelp32Snapshot() / Process32Next()
2. Opens and reads process memory – OpenProcess() / VirtualQueryEx() / ReadProcessMemory()
3. Searches for track data
4. Validation – Luhn algorithm / Mod 10 – expiration date check
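As an added example (not from the deck), the track-data search and validation of slides 8 to 10 written from the triage side: it scans a constructed byte buffer standing in for a captured memory region, parses Track 1 and Track 2 records per the ISO/IEC 4909 layout, masks the PAN, and applies the Luhn and expiration checks the slide lists. The sample buffer, CAPTURE_DATE and the 4111111111111111 test PAN are constructed values.

```python
import re
from datetime import date

# Constructed sample standing in for a captured memory region: the Track 1 and
# Track 2 samples from the slides, then the Luhn-valid test PAN 4111111111111111.
SAMPLE_BUFFER = (
    b"\x00\x01junk%B6011898748579348^DOE/ JOHN^14121011000000000000001230000?*"
    b"\x00\x00;6011898748579348=1412101110000000000?*more\xff"
    b";4111111111111111=2512101000000000000?\x00"
)
CAPTURE_DATE = date(2015, 1, 1)  # constructed reference date for the expiry check

# ISO/IEC 4909 layout: start sentinel, PAN, separator, [name,] YYMM expiry,
# 3-digit service code, discretionary data, end sentinel.
TRACK1 = re.compile(rb"%B(\d{13,19})\^([^^?]{2,26})\^(\d{4})(\d{3})([^?]*)\?")
TRACK2 = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})([^?]*)\?")

def luhn_ok(pan: str) -> bool:
    """Mod-10 check: from the right, double every second digit and sum the digits."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def expiry_ok(yymm: str, today: date = CAPTURE_DATE) -> bool:
    """A YYMM expiry is still valid through the end of the month it names."""
    yy, mm = int(yymm[:2]), int(yymm[2:])
    return 1 <= mm <= 12 and (2000 + yy, mm) >= (today.year, today.month)

def mask(pan: str) -> str:
    # Keep BIN and last four so a hit can be reported without storing the PAN.
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def find_track_data(buf: bytes, today: date = CAPTURE_DATE) -> list:
    """One record per track-like hit, with the Luhn and expiry results."""
    hits = []
    for m in TRACK1.finditer(buf):
        pan, exp = m.group(1).decode(), m.group(3).decode()
        hits.append({"track": 1, "pan": mask(pan), "name": m.group(2).decode(),
                     "exp": exp, "luhn": luhn_ok(pan), "unexpired": expiry_ok(exp, today)})
    for m in TRACK2.finditer(buf):
        pan, exp = m.group(1).decode(), m.group(2).decode()
        hits.append({"track": 2, "pan": mask(pan), "name": None,
                     "exp": exp, "luhn": luhn_ok(pan), "unexpired": expiry_ok(exp, today)})
    return hits
```

The deck's own sample PAN 6011898748579348 does not pass the mod-10 check and its 1412 expiry is already past on the capture date, which is why the validation step on slide 10 matters: without it, a scanner reports every track-shaped string as a card.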
  • 11. 2015 CrowdStrike, Inc. All rights reserved. Rise of the Commodity The Shifting Landscape of PoS Malware
  • 12. Commodity PoS Malware 2015 CrowdStrike, Inc. All rights reserved. • Highlights • Off-the-shelf kits • Communicate via HTTP request • Price < $1k • Source code for several publicly available • Names: • Alina • Dexter • vSkimmer • Backoff • JackPoS • POSCardStealer
  • 13. 2013 CrowdStrike, Inc. All rights reserved. ARCHITECTURE Control Server Infected hosts •Traditional Client / Server architecture – Infected hosts beacon and send data to control server – Replies from server contain status / command instructions •Communicates over HTTP requests •Operator views bots via web portal – Can send some basic commands
  • 14.
  • 15.
  • 16.
  • 17. Spreading 2015 CrowdStrike, Inc. All rights reserved. • Brute-forcing Remote Management • User/Password Lists tailored for PoS systems • PcAnyWhere • VNC • Remote Desktop • LogMeIn • Phishing • Vendor Targeting * • Exploitation of Opportunity
  • 18. 2015 CrowdStrike, Inc. All rights reserved. Targeted Breaches The Shifting Landscape of PoS Malware
  • 19. What makes it targeted 2015 CrowdStrike, Inc. All rights reserved. • [ Quality of Malware ] != Targeted • Tailored options ( Implants designed to work in one infrastructure) • Only targets specific PoS terminal types • Logs to Internal IP addresses • Forensic countermeasures • Limited client-side controls*
  • 20. 2014 Players 2015 CrowdStrike, Inc. All rights reserved. • FrameWork PoS • Called BlackPoS 2.0 by Trend Micro • Limited Distribution • Exfiltration done using SMB shared drives • Hard coded credentials • Contains links to Anti-US websites • Mozart PoS • Limited Distribution • Specifically designed to work against Java based PoS solutions • Designed to look like a PoS remote monitor service from NCR • Contains links to Anti-US websites
  • 21. Case Study: Target 2015 CrowdStrike, Inc. All rights reserved. • Initial statement released 19 December 2013 • 40 Million Credit Cards stolen • PII for up to 70 Million individuals • Statement stated “criminals forced their way into our system, gaining access to guest credit and debit card information” • Largest hack of a US retailer’s PoS infrastructure
  • 22. Case Study: Target 2015 CrowdStrike, Inc. All rights reserved. • PoS infrastructure was directly targeted • Malware used was Kaptoxa (mmon) • Part of BlackPoS malware • Traces back to 2010 • Data pushed stolen data to an internal drop-site • Used credentials to authenticate to internal SMB file store • leveraged stolen HVAC credentials • Internal Drop-sites exfiltrated data to external FTP server • Adversary may have known sensitive details about Target’s infrastructure
  • 23.
  • 24. 2015 CrowdStrike, Inc. All rights reserved. Looking Forward The Shifting Landscape of PoS Malware
  • 25. Looking Forward 2015 CrowdStrike, Inc. All rights reserved. • October 2015 Liability Shift • “ The party that has made investment in EMV deployment is protected from financial liability for card-present counterfeit fraud losses on this date. If neither or both parties are EMV compliant, the fraud liability remains the same as it is today.” [1] • Tokenization of Payment Methods • iPay • Google Wallet [1]http://www.emv-connection.com/emv-migration-driven-by-payment-brand-milestones/
  • 26. 2015 CrowdStrike, Inc. All rights reserved. QUESTIONS The Shifting Landscape of PoS Malware
  • 27. YOU DON’T HAVE A MALWARE PROBLEM, YOU HAVE AN ADVERSARY PROBLEM 2015 CrowdStrike, Inc. All rights reserved.