© 2016 SecurityMetrics
The Case of the Suspiciously Flawless Investigation
Forensic Files Series
BUSINESS BACKGROUND
An ecommerce ticketing vendor based out of New York.
A customer reported a breach to Visa, claiming their credit card was hacked after buying a ticket to an event.
HOW HACKERS GOT IN
The forensic investigation found no evidence of a breach at the vendor. It discovered that a third-party website licensed to sell the vendor's event tickets was actually the organization compromised.
The third party had to pay noncompliance and compromise fines. The ecommerce events vendor was subject to brand degradation and the cost of the forensic investigation ordered by Visa ($25,000).
Since the forensic investigation of the third party was done by another forensic company, it is unknown exactly how hackers breached the third party. Similar situations indicate the possibility of SQL injection.
WHAT IS SQL INJECTION
By feeding input into web forms that aren't coded to reject illegitimate characters, attackers can glean little pieces of information about a business database from the output the application returns for erroneous entries.
If hackers can gain enough information about a database, it's only a matter of time until they query it directly and gain administrative access.
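As an added example (not part of the SecurityMetrics deck), the following Python reproduces the pattern the slide describes against an in-memory SQLite table with constructed ticket data: the first lookup builds SQL from raw form input and echoes the database engine's error message, so even an innocent apostrophe in a buyer's name reveals query structure to the user; the second binds the input as a parameter and returns only a generic failure message. The table, column and function names are assumptions made for this example.

```python
"""Added example: leaky string-built SQL versus a parameterized query.

The 'tickets' table, its columns and the sample rows are constructed for
this illustration; they are not the vendor's real schema or data.
"""
import logging
import sqlite3

log = logging.getLogger("ticket-lookup")


def make_db() -> sqlite3.Connection:
    """Build an in-memory SQLite database with constructed ticket data."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE tickets (id INTEGER PRIMARY KEY, buyer TEXT, event TEXT)"
    )
    conn.executemany(
        "INSERT INTO tickets (buyer, event) VALUES (?, ?)",
        [("Alice", "Spring Gala"), ("O'Brien", "Jazz Night")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, buyer: str) -> dict:
    """The pattern the deck warns about.

    Form input is pasted straight into the SQL text, so a quote character
    changes the statement, and the engine's own error text is sent back to
    the browser, revealing how the query is put together.
    """
    query = f"SELECT event FROM tickets WHERE buyer = '{buyer}'"
    try:
        rows = conn.execute(query).fetchall()
        return {"ok": True, "events": [r[0] for r in rows]}
    except sqlite3.Error as exc:
        # Leaks engine internals (e.g. 'near "Brien": syntax error') to the user.
        return {"ok": False, "error": str(exc)}


def lookup_hardened(conn: sqlite3.Connection, buyer: str) -> dict:
    """Hardened form of the same lookup.

    The input is bound as a parameter, so quotes and other special characters
    are data rather than SQL, and any failure is logged server-side while the
    user sees only a generic message.
    """
    try:
        rows = conn.execute(
            "SELECT event FROM tickets WHERE buyer = ?", (buyer,)
        ).fetchall()
        return {"ok": True, "events": [r[0] for r in rows]}
    except sqlite3.Error:
        log.exception("ticket lookup failed")  # details stay in the server log
        return {"ok": False, "error": "request could not be processed"}


if __name__ == "__main__":
    db = make_db()
    # An ordinary apostrophe is enough to break the concatenated query.
    print("vulnerable:", lookup_vulnerable(db, "O'Brien"))
    print("hardened:  ", lookup_hardened(db, "O'Brien"))
```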
WHAT THE BUSINESS DID WRONG
The ecommerce events vendor didn't perform due diligence to ensure the licensed third party was operating a secure site.
WHAT IS 3RD PARTY DUE DILIGENCE?
It is each organization's responsibility to take reasonable steps to ensure contracted third parties operate securely. This means investigating IT vendors, paper shredding companies, and outsourced web developers before signing contracts and throughout the relationship.
www.securitymetrics.com
Wenlock Free
VP of Strategic Partnerships
wfree@securitymetrics.com
 
find out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challengesfind out more about the role of autonomous vehicles in facing global challenges
find out more about the role of autonomous vehicles in facing global challenges
 
Calgary MuleSoft Meetup APM and IDP .pptx
Calgary MuleSoft Meetup APM and IDP .pptxCalgary MuleSoft Meetup APM and IDP .pptx
Calgary MuleSoft Meetup APM and IDP .pptx
 
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
“Deploying Large Language Models on a Raspberry Pi,” a Presentation from Usef...
 
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
Litestack talk at Brighton 2024 (Unleashing the power of SQLite for Ruby apps)
 
Recent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS InfrastructureRecent Advancements in the NIST-JARVIS Infrastructure
Recent Advancements in the NIST-JARVIS Infrastructure
 
How to build a generative AI solution A step-by-step guide (2).pdf
How to build a generative AI solution A step-by-step guide (2).pdfHow to build a generative AI solution A step-by-step guide (2).pdf
How to build a generative AI solution A step-by-step guide (2).pdf
 
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-InTrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
TrustArc Webinar - 2024 Data Privacy Trends: A Mid-Year Check-In
 
Salesforce AI & Einstein Copilot Workshop
Salesforce AI & Einstein Copilot WorkshopSalesforce AI & Einstein Copilot Workshop
Salesforce AI & Einstein Copilot Workshop
 
Choose our Linux Web Hosting for a seamless and successful online presence
Choose our Linux Web Hosting for a seamless and successful online presenceChoose our Linux Web Hosting for a seamless and successful online presence
Choose our Linux Web Hosting for a seamless and successful online presence
 
July Patch Tuesday
July Patch TuesdayJuly Patch Tuesday
July Patch Tuesday
 
Best Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdfBest Practices for Effectively Running dbt in Airflow.pdf
Best Practices for Effectively Running dbt in Airflow.pdf
 
Using LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and MilvusUsing LLM Agents with Llama 3, LangGraph and Milvus
Using LLM Agents with Llama 3, LangGraph and Milvus
 
IPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite SolutionIPLOOK Remote-Sensing Satellite Solution
IPLOOK Remote-Sensing Satellite Solution
 
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...Evolution of iPaaS - simplify IT workloads to provide a unified view of  data...
Evolution of iPaaS - simplify IT workloads to provide a unified view of data...
 

The Case of the Suspiciously Flawless Investigation

  • 1. © 2016 SecurityMetrics. The Case of the Suspiciously Flawless Investigation: Forensic Files Series
  • 2. BUSINESS BACKGROUND: Ecommerce ticketing vendor based out of New York.
  • 3. BUSINESS BACKGROUND: Customer reported breach to Visa, claiming their credit card was hacked after buying a ticket to an event.
  • 4. HOW HACKERS GOT IN: Forensic investigation found no evidence of breach. Discovered a third party website licensed to sell vendor’s event tickets was actually the organization compromised.
  • 5. HOW HACKERS GOT IN: Third party had to pay noncompliance and compromise fines. Ecommerce events vendor subject to brand degradation and the cost of the forensic investigation ordered by Visa ($25,000).
  • 6. HOW HACKERS GOT IN: Since forensic investigation of third party was done by another forensic company, it is unknown exactly how hackers breached the third party. Similar situations indicate the possibility of SQL injection.
  • 7. WHAT IS SQL INJECTION: By feeding information into web forms that aren’t coded to reject illegitimate characters, attackers can glean little pieces of information about a business database based on output from erroneous entries.
  • 8. WHAT IS SQL INJECTION: If hackers can gain enough information about a database, it’s only a matter of time until they query it directly and gain administrative access.
  • 9. WHAT THE BUSINESS DID WRONG: Ecommerce events vendor didn’t perform due diligence to ensure licensed third party was operating a secure site.
  • 10. WHAT IS 3RD PARTY DUE DILIGENCE? It is each organization’s responsibility to take reasonable steps to ensure contracted third parties operate securely. This means investigating IT vendors, paper shredding companies, and outsourced web developers before signing contracts and throughout the relationship.
  • 11. www.securitymetrics.com. Wenlock Free, VP of Strategic Partnerships, wfree@securitymetrics.com
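As an added example (not code from the SecurityMetrics deck), the "web form not coded to reject illegitimate characters" pattern from slides 7 and 8 is shown beside its parameterized fix, using Python's sqlite3 on a constructed in-memory customer table: an ordinary name containing an apostrophe is enough to break the concatenated query and hand the caller the database's own error text, while the bound-parameter version matches the same input as plain data and never exposes engine errors.

```python
import sqlite3


def make_db():
    """Constructed in-memory stand-in for a ticket seller's customer table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (id INTEGER PRIMARY KEY, name TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO customers (name, email) VALUES (?, ?)",
        [("Alice Smith", "alice@example.com"), ("Mary O'Brien", "mary@example.com")],
    )
    return conn


def lookup_unsafe(conn, name):
    """The weak pattern: form input is spliced straight into the SQL text.
    Returns (rows, error_text). A quote character in the input becomes SQL
    syntax, the statement fails, and the raw engine error goes back to the
    caller. That error text is the 'output from erroneous entries' the deck
    warns about: it describes the query's structure to whoever submitted it."""
    sql = "SELECT name, email FROM customers WHERE name = '" + name + "'"
    try:
        return conn.execute(sql).fetchall(), None
    except sqlite3.Error as exc:
        return [], str(exc)


def lookup_safe(conn, name):
    """Hardened handler: fixed query text plus a bound parameter, so the same
    input is compared as data. Engine errors, should any occur, are logged
    server-side and the caller only ever sees a generic message."""
    sql = "SELECT name, email FROM customers WHERE name = ?"
    try:
        return conn.execute(sql, (name,)).fetchall(), None
    except sqlite3.Error as exc:
        print("internal db error (logged, not shown to user):", exc)
        return [], "lookup failed"


if __name__ == "__main__":
    db = make_db()
    for who in ("Alice Smith", "Mary O'Brien"):
        print("unsafe:", who, "->", lookup_unsafe(db, who))
        print("safe:  ", who, "->", lookup_safe(db, who))
```

Rejecting apostrophes at the form would also lock out legitimate customers such as Mary O'Brien, which is why parameterized queries, not character blocklists, are the primary control.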