Forensic Files Series
The Case of the Mistaken Malware
Published in: Technology, Business
  1. Forensic Files Series: The Case of the Mistaken Malware
  2. Business background: A small retailer operates one main store, multiple satellite stores, and two corporate offices. All sites are connected to the same card processing environment.
  3. Business background: During a routine anti-virus log review, an in-house IT staff member finds the Sirefef rootkit at a satellite store.
  4. What is a rootkit? A rootkit is a type of malicious software activated each time a system boots up. Rootkits are difficult to detect because they reside at the system’s kernel level and are activated before the operating system has completely booted.
  5. How hackers got in: They compromised the credentials for the remote access application, LogMeIn, and installed Sirefef, a sophisticated rootkit that can spread spam or capture sensitive information such as passwords or credit card data.
  6. Forensic investigator findings: The investigator found that the Sirefef rootkit did not actually steal customer credit cards. Further investigation revealed a memory scraper called Alina (installed by the same hacker), designed specifically to capture payment information from POS terminals.
  7. What is a memory scraper? A memory scraper is designed to capture, or ‘scrape’, sensitive information from system memory (RAM) and return it to the attacker. The Alina memory scraper can morph into newer versions to avoid detection, or automatically reinstall in different locations if deleted.
  8. What the business did wrong: The retailer didn’t employ two-factor authentication to secure remote access into their main store, satellites, and corporate offices.
  9. What’s 2-factor authentication? Two-factor authentication is an extra layer of security that requires not only a username and password but also something only the user should know/have (e.g., a fingerprint).
  10. What the business did wrong: Although they regularly reviewed anti-virus logs, IT staff did not regularly update the anti-virus program or apply system security patches.
  11. What the business did wrong: In addition, the credit card processing environment was not segmented away from routine Internet traffic.
  12. SecurityMetrics: We Protect Business. Services: PCI, HIPAA, and data security solutions for businesses of all sizes. Qualifications: Global provider of ASV, QSA, PFI, PA-QSA, and P2PE services. Experience: Assisted over 1 million organizations with compliance needs.
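As an added example (not from the SlideShare deck or from SecurityMetrics), a small Python audit over constructed anti-virus log lines in a hypothetical key=value format: it counts detections per host, flags the same threat reappearing on a host (a sign that quarantine is not sticking, as the deck says Alina reinstalls itself), and flags hosts whose signature definitions are older than a week, the gap slide 10 describes. The log format, host names and threat label are all constructed for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed sample log (hypothetical AV log format, not any real product's).
SAMPLE_LOG = """\
2014-03-01T02:00:11 host=POS-MAIN-01 event=definitions_updated version=2014.03.01.1
2014-03-01T02:00:14 host=POS-SAT-03 event=definitions_updated version=2014.03.01.1
2014-03-20T09:15:02 host=POS-SAT-03 event=detection threat=Rootkit.Sirefef action=quarantined
2014-03-21T02:00:09 host=POS-MAIN-01 event=definitions_updated version=2014.03.21.2
2014-03-22T11:47:33 host=POS-SAT-03 event=detection threat=Rootkit.Sirefef action=quarantined
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) event=(?P<event>\S+)(?P<rest>.*)$")
KV_RE = re.compile(r"(\w+)=(\S+)")

def parse_lines(text):
    """Parse each log line into a dict; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        rec = {"ts": datetime.fromisoformat(m["ts"]), "host": m["host"], "event": m["event"]}
        rec.update(KV_RE.findall(m["rest"]))  # trailing key=value pairs (threat, action, ...)
        events.append(rec)
    return events

def audit(text, as_of, max_definition_age_days=7):
    """Return per-host findings: detection count, repeat detections, stale definitions."""
    as_of = datetime.fromisoformat(as_of)
    last_update, detections = {}, {}
    for e in parse_lines(text):
        if e["event"] == "definitions_updated":
            last_update[e["host"]] = max(last_update.get(e["host"], e["ts"]), e["ts"])
        elif e["event"] == "detection":
            detections.setdefault(e["host"], []).append(e.get("threat", "?"))
    findings = {}
    for host in set(last_update) | set(detections):
        threats = detections.get(host, [])
        upd = last_update.get(host)
        findings[host] = {
            "detections": len(threats),
            # Same threat seen more than once: cleaning is not holding.
            "repeat_detection": len(threats) != len(set(threats)),
            # No update on record, or last update older than the allowed age.
            "stale_definitions": upd is None or as_of - upd > timedelta(days=max_definition_age_days),
        }
    return findings

if __name__ == "__main__":
    for host, f in sorted(audit(SAMPLE_LOG, "2014-03-23").items()):
        print(host, f)
```

Run against a real log export, the same three checks turn a "we review the logs" routine into a report that also asks whether the scanner was current and whether a cleaned threat came back.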