Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.
What We’re Up Against:
Why Good Guys Do Bad Things
Sherri Davidoff, GCFA, GPEN
LMG Security & BrightWise
June 12, 2019
Who Am I?
§Sherri Davidoff
§“Alien” of “Breaking and Entering”
§18 years as a cybersecurity professional
§CEO of LMG Secur...
www.LMGsecurity.comCopyright LMG Security 2017. All rights reserved. 3
“A trip to Temkin’s is a trip back in time. Abe
was...
§State of Retail Cybersecurity
§The Latest Epidemic – Banking
Trojans
§Protect Yourself & Your Community
Roadmap
www.LMGse...
POS Hacks are Down… but Not Out
www.LMGsecurity.comCopyright LMG Security 2017. All rights reserved. 5
Ecommerce Hacks are On The Rise
www.LMGsecurity.comCopyright LMG Security 2017. All rights reserved. 6
https://arstechnica...
www.LMGsecurity.comCopyright LMG Security 2017. All rights reserved. 7
Loyalty Under Attack
www.LMGsecurity.comCopyright LMG Security 2017. All rights reserved. 8
www.LMGsecurity.comCopyright LMG Security 2017. All rights reserved. 9
www.LMGsecurity.comCopyright LMG Security 2017. All rights reserved. 10
The Cybersecurity Ecosystem
§Customers get hacked
§Vendors get hacked
§Due to security issues on
their OWN networks
§Retai...
The Granddaddy of All Banking Trojans
…Evolved into Much More
§Steal your passwords
§Hijack your online accounts
§Steal your payment card
numbers
§Steal your data
§Control your compute...
Let’s Go Shopping!
We Got a 60-Day Trial License!
Comes With A Manual…
Let’s Infect The Victim
www.LMGsecurity.comCopyright LMG Security 2019. All rights reserved. 18
Don’t Click!!!
“Heartbeat”
Scan of the Infected Computer
The
malicious
executable
The Attacker’s Dashboard
www.LMGsecurity.comCopyright LMG Security 2019. All rights reserved. 22
I Know Your Balance
www.LMGsecurity.comCopyright LMG Security 2019. All rights reserved. 23
Infected
computers
Web sites
A...
Stealing Your Account Passwords
www.LMGsecurity.comCopyright LMG Security 2019. All rights reserved. 25
Infected Computer: Attacker Sees:
All Your Passwords are Belong to Me!
www.LMGsecurity.comCopyright LMG Security 2019. All rights reserved. 26
Cached Passwo...
I’m Stealing Your Files
Metered
Exfiltration
I’m Stealing All Your Data
www.LMGsecurity.comCopyright LMG Security 2019. All rights reserved. 28
I Know When You’re Working
I See You…
www.LMGsecurity.comCopyright LMG Security 2019. All rights reserved. 30
Victim
Attacker
clicks…
Protect Yourself and Your Community
www.LMGsecurity.comCopyright LMG Security 2017. All rights reserved. 31
1. Phishing Pr...
Questions?
§Sherri Davidoff / LMG Security
−Email: info@LMGsecurity.com
−Phone: 406-830-3165
−@sherridavidoff
§Find me on
...
You’ve finished this document.
Download and read it offline.
Upcoming SlideShare
What to Upload to SlideShare
Next
Upcoming SlideShare
What to Upload to SlideShare
Next
Download to read offline and view in fullscreen.

Share

P19 what were up against why good guys do bad things_sherri davidoff_6.12.19

Download to read offline

What we're up against: Why good guys do bad things

Related Books

Free with a 30 day trial from Scribd

See all

Related Audiobooks

Free with a 30 day trial from Scribd

See all
  • Be the first to like this

P19 what were up against why good guys do bad things_sherri davidoff_6.12.19

  1. 1. What We’re Up Against: Why Good Guys Do Bad Things Sherri Davidoff, GCFA, GPEN LMG Security & BrightWise June 12, 2019
  2. 2. Who Am I? §Sherri Davidoff §“Alien” of “Breaking and Entering” §18 years as a cybersecurity professional §CEO of LMG Security and BrightWise §Training: Black Hat, FFIEC/FDIC, American Bar Association, DoD & more §COMING SOON! Data Breaches book 2 www.LMGsecurity.comCopyright LMG Security 2017. All rights reserved.
  3. 3. www.LMGsecurity.comCopyright LMG Security 2017. All rights reserved. 3 “A trip to Temkin’s is a trip back in time. Abe was born in this building in 1922. He and his wife, Annabelle, and daughter Sheila provide old-fashioned customer service.” – The Trenton Times, August 9, 1989 Roots
  4. 4. §State of Retail Cybersecurity §The Latest Epidemic – Banking Trojans §Protect Yourself & Your Community Roadmap www.LMGsecurity.comCopyright LMG Security 2019. All rights reserved. 4
  5. 5. POS Hacks are Down… but Not Out www.LMGsecurity.comCopyright LMG Security 2017. All rights reserved. 5
  6. 6. Ecommerce Hacks are On The Rise www.LMGsecurity.comCopyright LMG Security 2017. All rights reserved. 6 https://arstechnica.com/information-technology/2019/05/more-than-100-commerce-sites-infected-with-code-that-steals-payment-card-data/
  7. 7. www.LMGsecurity.comCopyright LMG Security 2017. All rights reserved. 7
  8. 8. Loyalty Under Attack www.LMGsecurity.comCopyright LMG Security 2017. All rights reserved. 8
  9. 9. www.LMGsecurity.comCopyright LMG Security 2017. All rights reserved. 9
  10. 10. www.LMGsecurity.comCopyright LMG Security 2017. All rights reserved. 10
  11. 11. The Cybersecurity Ecosystem §Customers get hacked §Vendors get hacked §Due to security issues on their OWN networks §Retailers lose $$ and reputation 11
  12. 12. The Granddaddy of All Banking Trojans
  13. 13. …Evolved into Much More
  14. 14. §Steal your passwords §Hijack your online accounts §Steal your payment card numbers §Steal your data §Control your computer §Install more malware! What Can Banking Trojans Do? www.LMGsecurity.comCopyright LMG Security 2019. All rights reserved. 14
  15. 15. Let’s Go Shopping!
  16. 16. We Got a 60-Day Trial License!
  17. 17. Comes With A Manual…
  18. 18. Let’s Infect The Victim www.LMGsecurity.comCopyright LMG Security 2019. All rights reserved. 18
  19. 19. Don’t Click!!!
  20. 20. “Heartbeat”
  21. 21. Scan of the Infected Computer The malicious executable
  22. 22. The Attacker’s Dashboard www.LMGsecurity.comCopyright LMG Security 2019. All rights reserved. 22
  23. 23. I Know Your Balance www.LMGsecurity.comCopyright LMG Security 2019. All rights reserved. 23 Infected computers Web sites Account Balances Image source: Manual for Citadel malware
  24. 24. Stealing Your Account Passwords
  25. 25. www.LMGsecurity.comCopyright LMG Security 2019. All rights reserved. 25 Infected Computer: Attacker Sees:
  26. 26. All Your Passwords are Belong to Me! www.LMGsecurity.comCopyright LMG Security 2019. All rights reserved. 26 Cached Password stolen from Internet Explorer
  27. 27. I’m Stealing Your Files Metered Exfiltration
  28. 28. I’m Stealing All Your Data www.LMGsecurity.comCopyright LMG Security 2019. All rights reserved. 28
  29. 29. I Know When You’re Working
  30. 30. I See You… www.LMGsecurity.comCopyright LMG Security 2019. All rights reserved. 30 Victim Attacker clicks…
  31. 31. Protect Yourself and Your Community www.LMGsecurity.comCopyright LMG Security 2017. All rights reserved. 31 1. Phishing Prevention −User Training −Technical Controls 2. Strong Authentication −Two-Factor Authentication −Long Passwords 3. Patch Management 4. Proactive Threat Hunting 5. Outreach/Education
  32. 32. Questions? §Sherri Davidoff / LMG Security −Email: info@LMGsecurity.com −Phone: 406-830-3165 −@sherridavidoff §Find me on 32

What we're up against: Why good guys do bad things

Views

Total views

367

On Slideshare

0

From embeds

0

Number of embeds

0

Actions

Downloads

9

Shares

0

Comments

0

Likes

0

×