SlideShare uma empresa Scribd logo

The Case of the Mistaken Malware

Transferir como PPTX, PDF
SecurityMetrics
SecurityMetrics
TecnologiaNegócios
1 de 12
© 2016 SecurityMetrics The Case of the Mistaken Malware Forensic Files Series
BUSINESS BACKGROUND All sites connected to the same card processing environment. Small retailer operates one main store, multiple satellite stores, and two corporate offices.
BUSINESS BACKGROUND During a routine anti-virus log review, in-house IT staff member finds Sirefef rootkit at satellite store.
WHAT IS A ROOTKIT? A rootkit is a type of malicious software activated each time a system boots up. They are difficult to detect because they reside at the system’s kernel level, and are activated before a system’s operating system has completely booted up.
HOW HACKERS GOT IN Compromised the credentials for the remote access application, LogMeIn. Installed Sirefef, a sophisticated rootkit that can spread spam or capture sensitive information such as passwords or credit card data.
FORENSIC INVESTIGATOR FINDINGS Investigator finds the Sirefef rootkit did not actually steal customer credit cards. Further investigation revealed a memory scraper called Alina (installed by the same hacker), designed specifically to capture payment information from POS terminals.
WHAT IS A MEMORY SCRAPER? A memory scraper is designed to capture, or ‘scrape’ sensitive information from system memory (RAM) and return it back to the attacker. The Alina memory scraper can morph into newer versions to avoid detection, or automatically reinstall in different locations if deleted.
WHAT THE BUSINESS DID WRONG Retailer didn’t employ two-factor authentication to secure remote access into their main store, satellites, and corporate offices.
WHAT’S TWO-FACTOR AUTHENTICATION? Two factor authentication is an extra layer of security that requires not only a password and username but also something only the user should know/have (e.g., a fingerprint).
WHAT THE BUSINESS DID WRONG Although they regularly reviewed anti-virus logs, IT staff did not regularly update anti-virus program and system security patches.
WHAT THE BUSINESS DID WRONG In addition, the credit card processing environment was not segmented away from routine Internet traffic. Internet Firewall Wireless Device Network Switch Terminal Office Computer Printer Mobile Hotspot
www.securitymetrics.com Wenlock Free VP Business Development wfree@securitymetrics.com

Recomendados

The Case of the Stockpiled Credit Cards
The Case of the Stockpiled Credit CardsThe Case of the Stockpiled Credit Cards
The Case of the Stockpiled Credit CardsSecurityMetrics
 
AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?
AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?
AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?Alejandro Correa Bahnsen, PhD
 
DeepPhish: Simulating malicious AI
DeepPhish: Simulating malicious AIDeepPhish: Simulating malicious AI
DeepPhish: Simulating malicious AIAlejandro Correa Bahnsen, PhD
 
black hat deephish
black hat deephishblack hat deephish
black hat deephishAlejandro Correa Bahnsen, PhD
 
5 Types of Insider Threats and How to Detect them in Your ERP System
5 Types of Insider Threats and How to Detect them in Your ERP System5 Types of Insider Threats and How to Detect them in Your ERP System
5 Types of Insider Threats and How to Detect them in Your ERP SystemMichael Cunningham
 
Black Friday Kicks Off Holiday Cyber-Crime Season
Black Friday Kicks Off Holiday Cyber-Crime SeasonBlack Friday Kicks Off Holiday Cyber-Crime Season
Black Friday Kicks Off Holiday Cyber-Crime SeasonTenable Network Security
 
Insider theft detection
Insider theft detection Insider theft detection
Insider theft detection SumanthKommineni
 
2016 Gaming Industry Intelligence Package
2016 Gaming Industry Intelligence Package2016 Gaming Industry Intelligence Package
2016 Gaming Industry Intelligence PackageMike Maziarka
 

Recomendados

The Case of the Stockpiled Credit Cards
The Case of the Stockpiled Credit CardsThe Case of the Stockpiled Credit Cards
The Case of the Stockpiled Credit CardsSecurityMetrics
 
AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?
AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?
AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?Alejandro Correa Bahnsen, PhD
 
DeepPhish: Simulating malicious AI
DeepPhish: Simulating malicious AIDeepPhish: Simulating malicious AI
DeepPhish: Simulating malicious AIAlejandro Correa Bahnsen, PhD
 
black hat deephish
black hat deephishblack hat deephish
black hat deephishAlejandro Correa Bahnsen, PhD
 
5 Types of Insider Threats and How to Detect them in Your ERP System
5 Types of Insider Threats and How to Detect them in Your ERP System5 Types of Insider Threats and How to Detect them in Your ERP System
5 Types of Insider Threats and How to Detect them in Your ERP SystemMichael Cunningham
 
Black Friday Kicks Off Holiday Cyber-Crime Season
Black Friday Kicks Off Holiday Cyber-Crime SeasonBlack Friday Kicks Off Holiday Cyber-Crime Season
Black Friday Kicks Off Holiday Cyber-Crime SeasonTenable Network Security
 
Insider theft detection
Insider theft detection Insider theft detection
Insider theft detection SumanthKommineni
 
2016 Gaming Industry Intelligence Package
2016 Gaming Industry Intelligence Package2016 Gaming Industry Intelligence Package
2016 Gaming Industry Intelligence PackageMike Maziarka
 
Past, Present & Future of Credentials Theft
Past, Present & Future of Credentials TheftPast, Present & Future of Credentials Theft
Past, Present & Future of Credentials TheftLavi Lazarovitz
 
Digital Shadows SearchLight™ Overview
Digital Shadows SearchLight™ OverviewDigital Shadows SearchLight™ Overview
Digital Shadows SearchLight™ OverviewDigital Shadows
 
The State of End-User Security—Global Data from 30,000+ Websites
The State of End-User Security—Global Data from 30,000+ WebsitesThe State of End-User Security—Global Data from 30,000+ Websites
The State of End-User Security—Global Data from 30,000+ WebsitesPriyanka Aash
 
WTF is Digital Risk Protection
WTF is Digital Risk ProtectionWTF is Digital Risk Protection
WTF is Digital Risk ProtectionDigital Shadows
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingHarishBabuKaveri
 
Disrupt Hackers With Robust User Authentication
Disrupt Hackers With Robust User AuthenticationDisrupt Hackers With Robust User Authentication
Disrupt Hackers With Robust User AuthenticationIntel IT Center
 
Cloud computing's notorious nine-
Cloud computing's notorious nine-Cloud computing's notorious nine-
Cloud computing's notorious nine-Nikki Alexander
 
Data Loss Detection
Data Loss DetectionData Loss Detection
Data Loss DetectionDigital Shadows
 
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...Albert Hui
 
Ransomware: Prevention, privacy and your options post-breach
Ransomware: Prevention, privacy and your options post-breachRansomware: Prevention, privacy and your options post-breach
Ransomware: Prevention, privacy and your options post-breachGowling WLG
 
Any Information Can be Valuable and Other Lessons from the JP Morgan Breach
Any Information Can be Valuable and Other Lessons from the JP Morgan BreachAny Information Can be Valuable and Other Lessons from the JP Morgan Breach
Any Information Can be Valuable and Other Lessons from the JP Morgan BreachCBIZ Risk & Advisory Services
 
Patches Arrren't Just for Pirates
Patches Arrren't Just for PiratesPatches Arrren't Just for Pirates
Patches Arrren't Just for Pirateswebnowires
 
David Emm | The What, How, Who and Why of Computer Malware
David Emm | The What, How, Who and Why of Computer MalwareDavid Emm | The What, How, Who and Why of Computer Malware
David Emm | The What, How, Who and Why of Computer MalwarePro Mrkt
 
Don't Rely on Software Alone. Protect Endpoints with Hardware-Enhanced Security.
Don't Rely on Software Alone. Protect Endpoints with Hardware-Enhanced Security.Don't Rely on Software Alone. Protect Endpoints with Hardware-Enhanced Security.
Don't Rely on Software Alone. Protect Endpoints with Hardware-Enhanced Security.Intel IT Center
 
What Cybercriminals Want: Company Data – by United Security Providers
What Cybercriminals Want: Company Data – by United Security ProvidersWhat Cybercriminals Want: Company Data – by United Security Providers
What Cybercriminals Want: Company Data – by United Security ProvidersUnited Security Providers AG
 
Hackers Hit Web Host
Hackers Hit Web HostHackers Hit Web Host
Hackers Hit Web Hostwebhostingguy
 
Security Threat Presentation
Security Threat PresentationSecurity Threat Presentation
Security Threat PresentationRobert Giannini
 
The only way to survive is to automate your SOC
The only way to survive is to automate your SOCThe only way to survive is to automate your SOC
The only way to survive is to automate your SOCRoberto Sponchioni
 
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...SBWebinars
 
Owasp Mobile Top 10 - M7 & M8
Owasp Mobile Top 10 - M7 & M8Owasp Mobile Top 10 - M7 & M8
Owasp Mobile Top 10 - M7 & M85h1vang
 
ransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptxransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptxdawitTerefe5
 
PoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail IndustryPoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail IndustryInvincea, Inc.
 

Mais conteúdo relacionado

Mais procurados

Past, Present & Future of Credentials Theft
Past, Present & Future of Credentials TheftPast, Present & Future of Credentials Theft
Past, Present & Future of Credentials TheftLavi Lazarovitz
 
Digital Shadows SearchLight™ Overview
Digital Shadows SearchLight™ OverviewDigital Shadows SearchLight™ Overview
Digital Shadows SearchLight™ OverviewDigital Shadows
 
The State of End-User Security—Global Data from 30,000+ Websites
The State of End-User Security—Global Data from 30,000+ WebsitesThe State of End-User Security—Global Data from 30,000+ Websites
The State of End-User Security—Global Data from 30,000+ WebsitesPriyanka Aash
 
WTF is Digital Risk Protection
WTF is Digital Risk ProtectionWTF is Digital Risk Protection
WTF is Digital Risk ProtectionDigital Shadows
 
Disrupt Hackers With Robust User Authentication
Disrupt Hackers With Robust User AuthenticationDisrupt Hackers With Robust User Authentication
Disrupt Hackers With Robust User AuthenticationIntel IT Center
 
Cloud computing's notorious nine-
Cloud computing's notorious nine-Cloud computing's notorious nine-
Cloud computing's notorious nine-Nikki Alexander
 
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...Albert Hui
 
Ransomware: Prevention, privacy and your options post-breach
Ransomware: Prevention, privacy and your options post-breachRansomware: Prevention, privacy and your options post-breach
Ransomware: Prevention, privacy and your options post-breachGowling WLG
 
Any Information Can be Valuable and Other Lessons from the JP Morgan Breach
Any Information Can be Valuable and Other Lessons from the JP Morgan BreachAny Information Can be Valuable and Other Lessons from the JP Morgan Breach
Any Information Can be Valuable and Other Lessons from the JP Morgan BreachCBIZ Risk & Advisory Services
 
Patches Arrren't Just for Pirates
Patches Arrren't Just for PiratesPatches Arrren't Just for Pirates
Patches Arrren't Just for Pirateswebnowires
 
David Emm | The What, How, Who and Why of Computer Malware
David Emm | The What, How, Who and Why of Computer MalwareDavid Emm | The What, How, Who and Why of Computer Malware
David Emm | The What, How, Who and Why of Computer MalwarePro Mrkt
 
Don't Rely on Software Alone. Protect Endpoints with Hardware-Enhanced Security.
Don't Rely on Software Alone. Protect Endpoints with Hardware-Enhanced Security.Don't Rely on Software Alone. Protect Endpoints with Hardware-Enhanced Security.
Don't Rely on Software Alone. Protect Endpoints with Hardware-Enhanced Security.Intel IT Center
 
What Cybercriminals Want: Company Data – by United Security Providers
What Cybercriminals Want: Company Data – by United Security ProvidersWhat Cybercriminals Want: Company Data – by United Security Providers
What Cybercriminals Want: Company Data – by United Security ProvidersUnited Security Providers AG
 
Hackers Hit Web Host
Hackers Hit Web HostHackers Hit Web Host
Hackers Hit Web Hostwebhostingguy
 
Security Threat Presentation
Security Threat PresentationSecurity Threat Presentation
Security Threat PresentationRobert Giannini
 
The only way to survive is to automate your SOC
The only way to survive is to automate your SOCThe only way to survive is to automate your SOC
The only way to survive is to automate your SOCRoberto Sponchioni
 
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...SBWebinars
 
Owasp Mobile Top 10 - M7 & M8
Owasp Mobile Top 10 - M7 & M8Owasp Mobile Top 10 - M7 & M8
Owasp Mobile Top 10 - M7 & M85h1vang
 

Mais procurados (20)

Past, Present & Future of Credentials Theft
Past, Present & Future of Credentials TheftPast, Present & Future of Credentials Theft
Past, Present & Future of Credentials Theft
 
Digital Shadows SearchLight™ Overview
Digital Shadows SearchLight™ OverviewDigital Shadows SearchLight™ Overview
Digital Shadows SearchLight™ Overview
 
The State of End-User Security—Global Data from 30,000+ Websites
The State of End-User Security—Global Data from 30,000+ WebsitesThe State of End-User Security—Global Data from 30,000+ Websites
The State of End-User Security—Global Data from 30,000+ Websites
 
WTF is Digital Risk Protection
WTF is Digital Risk ProtectionWTF is Digital Risk Protection
WTF is Digital Risk Protection
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Disrupt Hackers With Robust User Authentication
Disrupt Hackers With Robust User AuthenticationDisrupt Hackers With Robust User Authentication
Disrupt Hackers With Robust User Authentication
 
Cloud computing's notorious nine-
Cloud computing's notorious nine-Cloud computing's notorious nine-
Cloud computing's notorious nine-
 
Data Loss Detection
Data Loss DetectionData Loss Detection
Data Loss Detection
 
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...
 
Ransomware: Prevention, privacy and your options post-breach
Ransomware: Prevention, privacy and your options post-breachRansomware: Prevention, privacy and your options post-breach
Ransomware: Prevention, privacy and your options post-breach
 
Any Information Can be Valuable and Other Lessons from the JP Morgan Breach
Any Information Can be Valuable and Other Lessons from the JP Morgan BreachAny Information Can be Valuable and Other Lessons from the JP Morgan Breach
Any Information Can be Valuable and Other Lessons from the JP Morgan Breach
 
Patches Arrren't Just for Pirates
Patches Arrren't Just for PiratesPatches Arrren't Just for Pirates
Patches Arrren't Just for Pirates
 
David Emm | The What, How, Who and Why of Computer Malware
David Emm | The What, How, Who and Why of Computer MalwareDavid Emm | The What, How, Who and Why of Computer Malware
David Emm | The What, How, Who and Why of Computer Malware
 
Don't Rely on Software Alone. Protect Endpoints with Hardware-Enhanced Security.
Don't Rely on Software Alone. Protect Endpoints with Hardware-Enhanced Security.Don't Rely on Software Alone. Protect Endpoints with Hardware-Enhanced Security.
Don't Rely on Software Alone. Protect Endpoints with Hardware-Enhanced Security.
 
What Cybercriminals Want: Company Data – by United Security Providers
What Cybercriminals Want: Company Data – by United Security ProvidersWhat Cybercriminals Want: Company Data – by United Security Providers
What Cybercriminals Want: Company Data – by United Security Providers
 
Hackers Hit Web Host
Hackers Hit Web HostHackers Hit Web Host
Hackers Hit Web Host
 
Security Threat Presentation
Security Threat PresentationSecurity Threat Presentation
Security Threat Presentation
 
The only way to survive is to automate your SOC
The only way to survive is to automate your SOCThe only way to survive is to automate your SOC
The only way to survive is to automate your SOC
 
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
 
Owasp Mobile Top 10 - M7 & M8
Owasp Mobile Top 10 - M7 & M8Owasp Mobile Top 10 - M7 & M8
Owasp Mobile Top 10 - M7 & M8
 

Semelhante a The Case of the Mistaken Malware

ransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptxransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptxdawitTerefe5
 
PoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail IndustryPoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail IndustryInvincea, Inc.
 
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackAdvanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackEMC
 
Parag presentation on ethical hacking
Parag presentation on ethical hackingParag presentation on ethical hacking
Parag presentation on ethical hackingparag101
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeAaron White
 
Panda Adaptive Defense 360 - Cyber Extortion Guide
Panda Adaptive Defense 360 - Cyber Extortion GuidePanda Adaptive Defense 360 - Cyber Extortion Guide
Panda Adaptive Defense 360 - Cyber Extortion GuidePanda Security
 
How Seceon could have stopped the Ransomware roll over Kaseya.pptx
How Seceon could have stopped the Ransomware roll over Kaseya.pptxHow Seceon could have stopped the Ransomware roll over Kaseya.pptx
How Seceon could have stopped the Ransomware roll over Kaseya.pptxCompanySeceon
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and SpywaresAnkit Mistry
 
Security Threats and Vulnerabilities-2.pptx
Security Threats and Vulnerabilities-2.pptxSecurity Threats and Vulnerabilities-2.pptx
Security Threats and Vulnerabilities-2.pptxAmardeepKumar621436
 
The Most Common Enterprise Malware and how to identify them
The Most Common Enterprise Malware and how to identify themThe Most Common Enterprise Malware and how to identify them
The Most Common Enterprise Malware and how to identify themInstaSafe Technologies
 
Spyware risk it's time to get smart
Spyware risk it's time to get smartSpyware risk it's time to get smart
Spyware risk it's time to get smartKanha Sahu
 
LIFT OFF 2017: Ransomware and IR Overview
LIFT OFF 2017: Ransomware and IR OverviewLIFT OFF 2017: Ransomware and IR Overview
LIFT OFF 2017: Ransomware and IR OverviewRobert Herjavec
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
Anatomy of a breach - an e-book by Microsoft in collaboration with the EU
Anatomy of a breach - an e-book by Microsoft in collaboration with the EUAnatomy of a breach - an e-book by Microsoft in collaboration with the EU
Anatomy of a breach - an e-book by Microsoft in collaboration with the EUUniversity of Essex
 
SDK Whitepaper
SDK WhitepaperSDK Whitepaper
SDK Whitepaperhanniw79
 
IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?Tyler Shields
 
System hacking
System hackingSystem hacking
System hackingCAS
 

Semelhante a The Case of the Mistaken Malware (20)

ransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptxransomware keylogger rootkit.pptx
ransomware keylogger rootkit.pptx
 
PoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail IndustryPoS Malware and Other Threats to the Retail Industry
PoS Malware and Other Threats to the Retail Industry
 
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the HaystackAdvanced Threats in the Enterprise: Finding an Evil in the Haystack
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
 
Parag presentation on ethical hacking
Parag presentation on ethical hackingParag presentation on ethical hacking
Parag presentation on ethical hacking
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat Landscape
 
Panda Adaptive Defense 360 - Cyber Extortion Guide
Panda Adaptive Defense 360 - Cyber Extortion GuidePanda Adaptive Defense 360 - Cyber Extortion Guide
Panda Adaptive Defense 360 - Cyber Extortion Guide
 
How Seceon could have stopped the Ransomware roll over Kaseya.pptx
How Seceon could have stopped the Ransomware roll over Kaseya.pptxHow Seceon could have stopped the Ransomware roll over Kaseya.pptx
How Seceon could have stopped the Ransomware roll over Kaseya.pptx
 
Keyloggers and Spywares
Keyloggers and SpywaresKeyloggers and Spywares
Keyloggers and Spywares
 
Security Threats and Vulnerabilities-2.pptx
Security Threats and Vulnerabilities-2.pptxSecurity Threats and Vulnerabilities-2.pptx
Security Threats and Vulnerabilities-2.pptx
 
The Most Common Enterprise Malware and how to identify them
The Most Common Enterprise Malware and how to identify themThe Most Common Enterprise Malware and how to identify them
The Most Common Enterprise Malware and how to identify them
 
Spyware risk it's time to get smart
Spyware risk it's time to get smartSpyware risk it's time to get smart
Spyware risk it's time to get smart
 
LIFT OFF 2017: Ransomware and IR Overview
LIFT OFF 2017: Ransomware and IR OverviewLIFT OFF 2017: Ransomware and IR Overview
LIFT OFF 2017: Ransomware and IR Overview
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
Anatomy of a breach - an e-book by Microsoft in collaboration with the EU
Anatomy of a breach - an e-book by Microsoft in collaboration with the EUAnatomy of a breach - an e-book by Microsoft in collaboration with the EU
Anatomy of a breach - an e-book by Microsoft in collaboration with the EU
 
SDK Whitepaper
SDK WhitepaperSDK Whitepaper
SDK Whitepaper
 
Cybersecurity Training
Cybersecurity TrainingCybersecurity Training
Cybersecurity Training
 
Day2.pptx
Day2.pptxDay2.pptx
Day2.pptx
 
IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?IQT 2010 - The App Does That!?
IQT 2010 - The App Does That!?
 
Basics of hacking
Basics of hackingBasics of hacking
Basics of hacking
 
System hacking
System hackingSystem hacking
System hacking
 

Mais de SecurityMetrics

Understanding the New PCI DSS Scoping Supplement
Understanding the New PCI DSS Scoping SupplementUnderstanding the New PCI DSS Scoping Supplement
Understanding the New PCI DSS Scoping SupplementSecurityMetrics
 
How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach SecurityMetrics
 
How to Secure Your Medical Devices
How to Secure Your Medical DevicesHow to Secure Your Medical Devices
How to Secure Your Medical DevicesSecurityMetrics
 
How to Prepare for a PCI DSS Audit
How to Prepare for a PCI DSS AuditHow to Prepare for a PCI DSS Audit
How to Prepare for a PCI DSS AuditSecurityMetrics
 
Medical Data Encryption 101
Medical Data Encryption 101Medical Data Encryption 101
Medical Data Encryption 101SecurityMetrics
 
Securing Your Remote Access Desktop Connection
Securing Your Remote Access Desktop ConnectionSecuring Your Remote Access Desktop Connection
Securing Your Remote Access Desktop ConnectionSecurityMetrics
 
HIPAA PHI Protection: Where is Your PHI Stored?
HIPAA PHI Protection: Where is Your PHI Stored? HIPAA PHI Protection: Where is Your PHI Stored?
HIPAA PHI Protection: Where is Your PHI Stored? SecurityMetrics
 
The 5 Step HIPAA Risk Analysis
The 5 Step HIPAA Risk AnalysisThe 5 Step HIPAA Risk Analysis
The 5 Step HIPAA Risk AnalysisSecurityMetrics
 
5 Documents to Prepare for a HIPAA Audit
5 Documents to Prepare for a HIPAA Audit5 Documents to Prepare for a HIPAA Audit
5 Documents to Prepare for a HIPAA AuditSecurityMetrics
 
Don't Let Phishing Emails Hook Your Empolyees
Don't Let Phishing Emails Hook Your EmpolyeesDon't Let Phishing Emails Hook Your Empolyees
Don't Let Phishing Emails Hook Your EmpolyeesSecurityMetrics
 
What's Causing You to Store Unencrypted Payment Cards?
What's Causing You to Store Unencrypted Payment Cards? What's Causing You to Store Unencrypted Payment Cards?
What's Causing You to Store Unencrypted Payment Cards? SecurityMetrics
 
5 Steps to Manage a Data Breach
5 Steps to Manage a Data Breach5 Steps to Manage a Data Breach
5 Steps to Manage a Data BreachSecurityMetrics
 
Auditing Archives: The Case of the File Sharing Franchisee
Auditing Archives: The Case of the File Sharing FranchiseeAuditing Archives: The Case of the File Sharing Franchisee
Auditing Archives: The Case of the File Sharing FranchiseeSecurityMetrics
 
Auditing Archives: The Case of the Evil Java Script
Auditing Archives: The Case of the Evil Java ScriptAuditing Archives: The Case of the Evil Java Script
Auditing Archives: The Case of the Evil Java ScriptSecurityMetrics
 
Auditing Archives: The Case of the Overly Helpful Front Desk Clerk
Auditing Archives: The Case of the Overly Helpful Front Desk ClerkAuditing Archives: The Case of the Overly Helpful Front Desk Clerk
Auditing Archives: The Case of the Overly Helpful Front Desk ClerkSecurityMetrics
 
The Case of the Suspiciously Flawless Investigation
The Case of the Suspiciously Flawless InvestigationThe Case of the Suspiciously Flawless Investigation
The Case of the Suspiciously Flawless InvestigationSecurityMetrics
 
What Does the End of Windows XP Mean For Businesses?
What Does the End of Windows XP Mean For Businesses?What Does the End of Windows XP Mean For Businesses?
What Does the End of Windows XP Mean For Businesses?SecurityMetrics
 
How Ethical Hacking is Healthy for Business
How Ethical Hacking is Healthy for BusinessHow Ethical Hacking is Healthy for Business
How Ethical Hacking is Healthy for BusinessSecurityMetrics
 

Mais de SecurityMetrics (20)

Hipaa Reality Check
Hipaa Reality CheckHipaa Reality Check
Hipaa Reality Check
 
Understanding the New PCI DSS Scoping Supplement
Understanding the New PCI DSS Scoping SupplementUnderstanding the New PCI DSS Scoping Supplement
Understanding the New PCI DSS Scoping Supplement
 
How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach How to Effectively Manage a Data Breach
How to Effectively Manage a Data Breach
 
How to Secure Your Medical Devices
How to Secure Your Medical DevicesHow to Secure Your Medical Devices
How to Secure Your Medical Devices
 
How to Prepare for a PCI DSS Audit
How to Prepare for a PCI DSS AuditHow to Prepare for a PCI DSS Audit
How to Prepare for a PCI DSS Audit
 
Medical Data Encryption 101
Medical Data Encryption 101Medical Data Encryption 101
Medical Data Encryption 101
 
Securing Your Remote Access Desktop Connection
Securing Your Remote Access Desktop ConnectionSecuring Your Remote Access Desktop Connection
Securing Your Remote Access Desktop Connection
 
Window of Compromise
Window of CompromiseWindow of Compromise
Window of Compromise
 
HIPAA PHI Protection: Where is Your PHI Stored?
HIPAA PHI Protection: Where is Your PHI Stored? HIPAA PHI Protection: Where is Your PHI Stored?
HIPAA PHI Protection: Where is Your PHI Stored?
 
The 5 Step HIPAA Risk Analysis
The 5 Step HIPAA Risk AnalysisThe 5 Step HIPAA Risk Analysis
The 5 Step HIPAA Risk Analysis
 
5 Documents to Prepare for a HIPAA Audit
5 Documents to Prepare for a HIPAA Audit5 Documents to Prepare for a HIPAA Audit
5 Documents to Prepare for a HIPAA Audit
 
Don't Let Phishing Emails Hook Your Empolyees
Don't Let Phishing Emails Hook Your EmpolyeesDon't Let Phishing Emails Hook Your Empolyees
Don't Let Phishing Emails Hook Your Empolyees
 
What's Causing You to Store Unencrypted Payment Cards?
What's Causing You to Store Unencrypted Payment Cards? What's Causing You to Store Unencrypted Payment Cards?
What's Causing You to Store Unencrypted Payment Cards?
 
5 Steps to Manage a Data Breach
5 Steps to Manage a Data Breach5 Steps to Manage a Data Breach
5 Steps to Manage a Data Breach
 
Auditing Archives: The Case of the File Sharing Franchisee
Auditing Archives: The Case of the File Sharing FranchiseeAuditing Archives: The Case of the File Sharing Franchisee
Auditing Archives: The Case of the File Sharing Franchisee
 
Auditing Archives: The Case of the Evil Java Script
Auditing Archives: The Case of the Evil Java ScriptAuditing Archives: The Case of the Evil Java Script
Auditing Archives: The Case of the Evil Java Script
 
Auditing Archives: The Case of the Overly Helpful Front Desk Clerk
Auditing Archives: The Case of the Overly Helpful Front Desk ClerkAuditing Archives: The Case of the Overly Helpful Front Desk Clerk
Auditing Archives: The Case of the Overly Helpful Front Desk Clerk
 
The Case of the Suspiciously Flawless Investigation
The Case of the Suspiciously Flawless InvestigationThe Case of the Suspiciously Flawless Investigation
The Case of the Suspiciously Flawless Investigation
 
What Does the End of Windows XP Mean For Businesses?
What Does the End of Windows XP Mean For Businesses?What Does the End of Windows XP Mean For Businesses?
What Does the End of Windows XP Mean For Businesses?
 
How Ethical Hacking is Healthy for Business
How Ethical Hacking is Healthy for BusinessHow Ethical Hacking is Healthy for Business
How Ethical Hacking is Healthy for Business
 

Último

Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Paola De la Torre
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking MenDelhi Call girls
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...gurkirankumar98700
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 

Último (20)

Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men08448380779 Call Girls In Friends Colony Women Seeking Men
08448380779 Call Girls In Friends Colony Women Seeking Men
 
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
Kalyanpur ) Call Girls in Lucknow Finest Escorts Service 🍸 8923113531 🎰 Avail...
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 

The Case of the Mistaken Malware

  • 1. © 2016 SecurityMetrics The Case of the Mistaken Malware Forensic Files Series
  • 2. BUSINESS BACKGROUND All sites connected to the same card processing environment. Small retailer operates one main store, multiple satellite stores, and two corporate offices.
  • 3. BUSINESS BACKGROUND During a routine anti-virus log review, in-house IT staff member finds Sirefef rootkit at satellite store.
  • 4. WHAT IS A ROOTKIT? A rootkit is a type of malicious software activated each time a system boots up. They are difficult to detect because they reside at the system’s kernel level, and are activated before a system’s operating system has completely booted up.
  • 5. HOW HACKERS GOT IN Compromised the credentials for the remote access application, LogMeIn. Installed Sirefef, a sophisticated rootkit that can spread spam or capture sensitive information such as passwords or credit card data.
  • 6. FORENSIC INVESTIGATOR FINDINGS Investigator finds the Sirefef rootkit did not actually steal customer credit cards. Further investigation revealed a memory scraper called Alina (installed by the same hacker), designed specifically to capture payment information from POS terminals.
  • 7. WHAT IS A MEMORY SCRAPER? A memory scraper is designed to capture, or ‘scrape’ sensitive information from system memory (RAM) and return it back to the attacker. The Alina memory scraper can morph into newer versions to avoid detection, or automatically reinstall in different locations if deleted.
  • 8. WHAT THE BUSINESS DID WRONG Retailer didn’t employ two-factor authentication to secure remote access into their main store, satellites, and corporate offices.
  • 9. WHAT’S TWO-FACTOR AUTHENTICATION? Two factor authentication is an extra layer of security that requires not only a password and username but also something only the user should know/have (e.g., a fingerprint).
  • 10. WHAT THE BUSINESS DID WRONG Although they regularly reviewed anti-virus logs, IT staff did not regularly update anti-virus program and system security patches.
  • 11. WHAT THE BUSINESS DID WRONG In addition, the credit card processing environment was not segmented away from routine Internet traffic. Internet Firewall Wireless Device Network Switch Terminal Office Computer Printer Mobile Hotspot
  • 12. www.securitymetrics.com Wenlock Free VP Business Development wfree@securitymetrics.com

Notas do Editor

  1. The Payment Card Industry Security Standards Council (PCI SSC) was created by the major card brands (MasterCard Worldwide, Discover Financial Services, American Express, JCB International, and Visa Inc.). The PCI Council then created the Payment Card Industry Data Security Standard (PCI DSS) to reduce payment card theft and electronic data loss. What is the PCI DSS? The PCI DSS is a list of twelve card-handling practices merchants must follow to accept payment cards. This standard details how to securely handle, process, and store sensitive payment card data. Who is required to comply with PCI DSS? All merchants that accept Visa, MasterCard, Discover, AMEX, or JCB are required to comply with the PCI DSS.
  2. The Payment Card Industry Security Standards Council (PCI SSC) was created by the major card brands (MasterCard Worldwide, Discover Financial Services, American Express, JCB International, and Visa Inc.). The PCI Council then created the Payment Card Industry Data Security Standard (PCI DSS) to reduce payment card theft and electronic data loss. What is the PCI DSS? The PCI DSS is a list of twelve card-handling practices merchants must follow to accept payment cards. This standard details how to securely handle, process, and store sensitive payment card data. Who is required to comply with PCI DSS? All merchants that accept Visa, MasterCard, Discover, AMEX, or JCB are required to comply with the PCI DSS.
  3. The Payment Card Industry Security Standards Council (PCI SSC) was created by the major card brands (MasterCard Worldwide, Discover Financial Services, American Express, JCB International, and Visa Inc.). The PCI Council then created the Payment Card Industry Data Security Standard (PCI DSS) to reduce payment card theft and electronic data loss. What is the PCI DSS? The PCI DSS is a list of twelve card-handling practices merchants must follow to accept payment cards. This standard details how to securely handle, process, and store sensitive payment card data. Who is required to comply with PCI DSS? All merchants that accept Visa, MasterCard, Discover, AMEX, or JCB are required to comply with the PCI DSS.