Recent PCI Hacks
•Transferir como PPT, PDF•
0 gostou•1,586 visualizações
Recent Payment Card Industry Hacks
Recomendados
Recomendados
Mais conteúdo relacionado
Mais procurados
Mais procurados (20)
Destaque
Destaque (20)
Semelhante a Recent PCI Hacks
Semelhante a Recent PCI Hacks (20)
Mais de Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master
Mais de Muhammad Faisal Naqvi, CISSP, CISA, AMBCI, ITIL, ISMS LA n Master (11)
Último
Último (20)
Recent PCI Hacks
- 1. Recent Payment Card Industry Hacks Techniques used; & possible Defense Muhammad Faisal Naqvi CISSP, CISA, ISO27K LA & MI, ISO20K I, AMBCI ACMA inter, MS E-Commerce (Gold)
- 2. Agenda • MOM Analysis (Motives, Opportunities & Means) • International Incidents • Regional Incidents • Statistics about Payment Card Industry Hacks • Who are the Culprits? • What are the Motives? • What are the Means? • Which Assets are under Attack? • What could be Possible Defense?
- 4. Banking data stolen from Millions • News Date: 04 April 2012 • Country: UK • Means: Trojans e.g. Zeus & Spyeye to collect personal details • Opportunity: Social Engineering • Motive: Fun, curiosity, or pride ($3,800 in 20 Months) • Source: www.theregister.co.uk
- 5. Attack on one-time-passwords on mobile • News Date: 15 March 2012 • Country: USA • Means: 1. Used Gozi Trojan to steal IMEI # of Account Holder 2. Report about lost/ stolen device & new SIM request 3. All one-time-passwords will come on new SIM • Opportunity: partner’s weak processes • Source: www.computerworld.com
- 6. Millions customers of famous Bank at risk NFC attack • News Date: 23 March 2012 • Country: UK • Means: Contactless readers in mobile phones to extract card data even through wallets or bags • Opportunity: • Excessive card details • Weak merchant process • Motive: Online Shopping • Source: www.channel4.com
- 7. Gang of 50 steals at least $7 million • News Date: 11 May 2012 • Country: Canada • Means: Installing Skimmers on stolen POS Machines in < 1 Hr. • Opportunity: • Physical Security • Lack of Monitoring • Motive: $7 million • Source: www.wired.com
- 8. 111 Arrested In Identity Theft Probe • News Date: 10 October 2011 • Country: USA • Means: bank tellers, retail workers, waiters • Opportunity: Weak processes • Motive: $13m in 16 Months • Source: www.bbc.co.uk Thermal Image showing sequence of keys pressed
- 9. Hackers Skim Customers’ Credit Cards via Self-Checkout • News Date: 7 December 2011 • Country: USA • Means: Skimmers • Opportunity: Physical Security • Motive: Financial gain • Source: news.cnet.com
- 10. Gang Used 3D Printers for Skimmers • News Date: 20 September 2011 • Country: USA • Means: 3D Printed Skimmers • Opportunity: Physical Security • Motive: $400,000 • Source: krebsonsecurity.com
- 11. Adult web site breached 40,000 Cards data • News Date: 12 March 2012 • Country: USA • Means: Server Hack • Opportunity: ? • Motive: 40,000 CC numbers, expiry dates, security codes along with user IDs, email addresses, passwords. • Source: www.scmagazine.com
- 12. More than 10 million cards may have been compromised • News Date: 30 March 2012 • Country: USA • Means: Servers Hacked • Opportunity: ? • Motive: Track 2 data (card's primary account number, expiration date, service code, PIN and CVV number) • Source: www.bbc.com
- 13. Gang stole $13 million in a day • News Date: 26 August 2011 • Country: USA, Greece, Russia, Spain, Sweden, Ukraine, UK • Means: Remote Access to prepaid cards database update cards set bal = 10000 where ccno=12345678910 • Opportunity: Stolen credentials • Motive: $13 million • Source: www.msnbc.msn.com
- 14. Simple URL manipulation affected over 360,000 cards & $2.7M • News Date: 27 June 2011 • Country: USA • Means: script • Opportunity: Insecure Direct Object References https://www.onlinebank.com/user?acct=6065 • Motive: $2.7M • Source: www.informationweek.com
- 17. Saudi (claimed) Hackers Expose 15,000 Israelis' Credit Cards • News Date: 01 January 2012 • Country: Israel • Means: Sports Web Site • Opportunity: ? • Motive: Hacktivism • Source: www.israelnationalnews.com • Hacker died just after 2 days of getting Govt. Job • www.emirates247.com
- 18. Two hospital employees arrested on credit card fraud charges • News Date: April 10, 2012 • Country: UAE • Means: Online Shopping • Opportunity: Visible Credit Card Information • Motive: Dh9,300 • Source: gulfnews.com
- 19. Police arrest suspect for credit card forgery • News Date: 26 April 2011 • Country: UAE • Means: Expired cards, card copier, card data from web • Opportunity: • Motive: Financial • Source: gulfnews.com
- 20. Statistics about Payment Card Industry Hacks Source: 2012 Data Breach Investigation Report
- 21. Culprits Source: 2012 Data Breach Investigation Report
- 22. External Culprits Source: 2012 Data Breach Investigation Report
- 23. Internal Culprits Source: 2012 Data Breach Investigation Report
- 24. Motives Source: 2012 Data Breach Investigation Report
- 25. Means Source: 2012 Data Breach Investigation Report
- 26. Assets Source: 2012 Data Breach Investigation Report
- 27. Hacks Possible Defense • Social engineering • Automated social pen testing • Fake Online Transactions • Balance between Business & Security • POS Skimming • Disconnection logs Bar-coded tamper evident seals • ATM Skimming • Anti skimming solutions • Servers/Applications/DBs • Information Security, Pen testing & Audits
- 29. Thank You