Successfully reported this slideshow.
Your SlideShare is downloading. ×

The Case of the Mistaken Malware

May. 21, 2014
1 like 1,124 views
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Ad
Upcoming SlideShare
The Case of the Stockpiled Credit Cards
The Case of the Stockpiled Credit Cards
Loading in …3
×

Check these out next

Past, Present & Future of Credentials Theft
Lavi Lazarovitz
Digital Shadows SearchLight™ Overview
Digital Shadows
The State of End-User Security—Global Data from 30,000+ Websites
Priyanka Aash
WTF is Digital Risk Protection
Digital Shadows
Ethical hacking
HarishBabuKaveri
Disrupt Hackers With Robust User Authentication
Intel IT Center
Cloud computing's notorious nine-
Nikki Alexander
Data Loss Detection
Digital Shadows
1 of 12 Ad

The Case of the Mistaken Malware

May. 21, 2014
1 like 1,124 views

Download to read offline

Technology Business
Technology Business
Advertisement

Recommended

The Case of the Stockpiled Credit Cards
SecurityMetrics
2k views
11 slides
AI vs. AI: Can Predictive Models Stop the Tide of Hacker AI?
Alejandro Correa Bahnsen, PhD
305 views
14 slides
DeepPhish: Simulating malicious AI
Alejandro Correa Bahnsen, PhD
2.8k views
25 slides
black hat deephish
Alejandro Correa Bahnsen, PhD
717 views
47 slides
5 Types of Insider Threats and How to Detect them in Your ERP System
Michael Cunningham
20 views
1 slide
Black Friday Kicks Off Holiday Cyber-Crime Season
Tenable Network Security
443 views
1 slide
Insider theft detection
SumanthKommineni
47 views
17 slides
2016 Gaming Industry Intelligence Package
Mike Maziarka
151 views
3 slides
Advertisement

More Related Content

Slideshows for you (20)

Past, Present & Future of Credentials Theft
Lavi Lazarovitz
286 views
Digital Shadows SearchLight™ Overview
Digital Shadows
345 views
The State of End-User Security—Global Data from 30,000+ Websites
Priyanka Aash
369 views
WTF is Digital Risk Protection
Digital Shadows
189 views
Ethical hacking
HarishBabuKaveri
67 views
Disrupt Hackers With Robust User Authentication
Intel IT Center
406 views
Cloud computing's notorious nine-
Nikki Alexander
476 views
Data Loss Detection
Digital Shadows
162 views
Cyber Threat Intelligence: What do we Want? The Incident Response and Technol...
Albert Hui
1.2k views
Ransomware: Prevention, privacy and your options post-breach
Gowling WLG
420 views
Any Information Can be Valuable and Other Lessons from the JP Morgan Breach
CBIZ Risk & Advisory Services
74 views
Patches Arrren't Just for Pirates
webnowires
42 views
David Emm | The What, How, Who and Why of Computer Malware
Pro Mrkt
355 views
Don't Rely on Software Alone. Protect Endpoints with Hardware-Enhanced Security.
Intel IT Center
3k views
What Cybercriminals Want: Company Data – by United Security Providers
United Security Providers AG
377 views
Hackers Hit Web Host
webhostingguy
297 views
Security Threat Presentation
Robert Giannini
511 views
The only way to survive is to automate your SOC
Roberto Sponchioni
154 views
2018 Black Hat Hacker Survey Report: What Hackers Really Think About Your Cyb...
SBWebinars
100 views
Owasp Mobile Top 10 - M7 & M8
5h1vang
1k views
Past, Present & Future of Credentials Theft
Lavi Lazarovitz
286 views
20 slides
Digital Shadows SearchLight™ Overview
Digital Shadows
345 views
4 slides
The State of End-User Security—Global Data from 30,000+ Websites
Priyanka Aash
369 views
42 slides
WTF is Digital Risk Protection
Digital Shadows
189 views
15 slides
Ethical hacking
HarishBabuKaveri
67 views
15 slides
Disrupt Hackers With Robust User Authentication
Intel IT Center
406 views
12 slides

Similar to The Case of the Mistaken Malware (20)

ransomware keylogger rootkit.pptx
dawitTerefe5
34 views
PoS Malware and Other Threats to the Retail Industry
Invincea, Inc.
1.1k views
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
EMC
625 views
Parag presentation on ethical hacking
parag101
1.4k views
Cyber-Espionage: Understanding the Advanced Threat Landscape
Aaron White
2k views
Panda Adaptive Defense 360 - Cyber Extortion Guide
Panda Security
5.9k views
Keyloggers and Spywares
Ankit Mistry
11.8k views
The Most Common Enterprise Malware and how to identify them
InstaSafe Technologies
7 views
Spyware risk it's time to get smart
Kanha Sahu
399 views
LIFT OFF 2017: Ransomware and IR Overview
Robert Herjavec
1.5k views
Penetration Testing Basics
Rick Wanner
12.5k views
Anatomy of a breach - an e-book by Microsoft in collaboration with the EU
University of Essex
105 views
SDK Whitepaper
hanniw79
352 views
Cybersecurity Training
WindstoneHealth
590 views
IQT 2010 - The App Does That!?
Tyler Shields
416 views
Basics of hacking
Ali Asghar Jafari Lari
272 views
System hacking
CAS
2k views
Types of Malware.docx
SarahReese14
7 views
Spyware presentation by mangesh wadibhasme
Mangesh wadibhasme
1.2k views
Key Logging.pptx.pdf
SnehithaKurimelli
6 views
ransomware keylogger rootkit.pptx
dawitTerefe5
34 views
15 slides
PoS Malware and Other Threats to the Retail Industry
Invincea, Inc.
1.1k views
24 slides
Advanced Threats in the Enterprise: Finding an Evil in the Haystack
EMC
625 views
7 slides
Parag presentation on ethical hacking
parag101
1.4k views
24 slides
Cyber-Espionage: Understanding the Advanced Threat Landscape
Aaron White
2k views
20 slides
Panda Adaptive Defense 360 - Cyber Extortion Guide
Panda Security
5.9k views
22 slides
Advertisement

More from SecurityMetrics (20)

Hipaa Reality Check
SecurityMetrics
505 views
Understanding the New PCI DSS Scoping Supplement
SecurityMetrics
551 views
How to Effectively Manage a Data Breach
SecurityMetrics
611 views
How to Secure Your Medical Devices
SecurityMetrics
550 views
How to Prepare for a PCI DSS Audit
SecurityMetrics
1.1k views
Medical Data Encryption 101
SecurityMetrics
372 views
Securing Your Remote Access Desktop Connection
SecurityMetrics
174 views
Window of Compromise
SecurityMetrics
119 views
HIPAA PHI Protection: Where is Your PHI Stored?
SecurityMetrics
407 views
The 5 Step HIPAA Risk Analysis
SecurityMetrics
58 views
5 Documents to Prepare for a HIPAA Audit
SecurityMetrics
117 views
Don't Let Phishing Emails Hook Your Empolyees
SecurityMetrics
94 views
What's Causing You to Store Unencrypted Payment Cards?
SecurityMetrics
97 views
5 Steps to Manage a Data Breach
SecurityMetrics
57 views
Auditing Archives: The Case of the File Sharing Franchisee
SecurityMetrics
1.1k views
Auditing Archives: The Case of the Evil Java Script
SecurityMetrics
1.2k views
Auditing Archives: The Case of the Overly Helpful Front Desk Clerk
SecurityMetrics
1.1k views
The Case of the Suspiciously Flawless Investigation
SecurityMetrics
1.2k views
What Does the End of Windows XP Mean For Businesses?
SecurityMetrics
1.7k views
How Ethical Hacking is Healthy for Business
SecurityMetrics
925 views
Hipaa Reality Check
SecurityMetrics
505 views
33 slides
Understanding the New PCI DSS Scoping Supplement
SecurityMetrics
551 views
34 slides
How to Effectively Manage a Data Breach
SecurityMetrics
611 views
11 slides
How to Secure Your Medical Devices
SecurityMetrics
550 views
9 slides
How to Prepare for a PCI DSS Audit
SecurityMetrics
1.1k views
11 slides
Medical Data Encryption 101
SecurityMetrics
372 views
9 slides

Recently uploaded (20)

AI-Act-Impact-Survey_Report_Dec12.2022.pdf
Alfredo Cáceres
0 views
Bonded, Laminated & Bonded fabric (1).pptx
AllInOne403989
0 views
Product Enablement Principles
UXDXConf
0 views
Choosing the Board’s Duty of Foresight
OnBoard
0 views
animix play
animixplay app
0 views
Enhancing Safety and Security with Queue Management Software - Qwaiting
Qwaiting
0 views
WP REST API - modifying responses
Jonathan Bossenger
0 views
🌺 Women in Automation Program: Become an RPA Developer with UiPath Studio Ses...
Cristina Vidu
0 views
Reasons Why Dot Net Framework is Most Demanded in 2023
Cerebrum Infotech
3 views
Internet of Things (IOT) Proliferation.pdf
Apixel IT Support
4 views
Why should you invest in an ERP System
AdamMacdonald32
0 views
The Spotight is On Passwordless Authentication
Andy32903
0 views
SESSION 01-ALPHABET-NUMBERS-DEMOSRATIVE.pdf
SamiraQuispe
0 views
How to develop healthcare app.docx
SophiaJasper
0 views
METAVERSE .pptx
satish760383
0 views
Drive Successful ESG Initiatives with Trusted Data
Precisely
0 views
Mapping Your Brand’s Journey into The Metaverse.pdf
AnuragYadav882277
0 views
Solar heater manufacturers in India
Farmson Solar
4 views
Crypto Developer Locations 2023 by Electric Capital
MariaShen2
0 views
NS-CUK Seminar: S.T.Nguyen, Review on "Do Transformers Really Perform Bad for...
Network Science Lab, The Catholic University of Korea
8 views
AI-Act-Impact-Survey_Report_Dec12.2022.pdf
Alfredo Cáceres
0 views
31 slides
Bonded, Laminated & Bonded fabric (1).pptx
AllInOne403989
0 views
26 slides
Product Enablement Principles
UXDXConf
0 views
17 slides
Choosing the Board’s Duty of Foresight
OnBoard
0 views
49 slides
animix play
animixplay app
0 views
2 slides
Enhancing Safety and Security with Queue Management Software - Qwaiting
Qwaiting
0 views
6 slides
Advertisement

The Case of the Mistaken Malware

  1. 1. © 2016 SecurityMetrics The Case of the Mistaken Malware Forensic Files Series
  2. 2. BUSINESS BACKGROUND All sites connected to the same card processing environment. Small retailer operates one main store, multiple satellite stores, and two corporate offices.
  3. 3. BUSINESS BACKGROUND During a routine anti-virus log review, in-house IT staff member finds Sirefef rootkit at satellite store.
  4. 4. WHAT IS A ROOTKIT? A rootkit is a type of malicious software activated each time a system boots up. They are difficult to detect because they reside at the system’s kernel level, and are activated before a system’s operating system has completely booted up.
  5. 5. HOW HACKERS GOT IN Compromised the credentials for the remote access application, LogMeIn. Installed Sirefef, a sophisticated rootkit that can spread spam or capture sensitive information such as passwords or credit card data.
  6. 6. FORENSIC INVESTIGATOR FINDINGS Investigator finds the Sirefef rootkit did not actually steal customer credit cards. Further investigation revealed a memory scraper called Alina (installed by the same hacker), designed specifically to capture payment information from POS terminals.
  7. 7. WHAT IS A MEMORY SCRAPER? A memory scraper is designed to capture, or ‘scrape’ sensitive information from system memory (RAM) and return it back to the attacker. The Alina memory scraper can morph into newer versions to avoid detection, or automatically reinstall in different locations if deleted.
  8. 8. WHAT THE BUSINESS DID WRONG Retailer didn’t employ two-factor authentication to secure remote access into their main store, satellites, and corporate offices.
  9. 9. WHAT’S TWO-FACTOR AUTHENTICATION? Two factor authentication is an extra layer of security that requires not only a password and username but also something only the user should know/have (e.g., a fingerprint).
  10. 10. WHAT THE BUSINESS DID WRONG Although they regularly reviewed anti-virus logs, IT staff did not regularly update anti-virus program and system security patches.
  11. 11. WHAT THE BUSINESS DID WRONG In addition, the credit card processing environment was not segmented away from routine Internet traffic. Internet Firewall Wireless Device Network Switch Terminal Office Computer Printer Mobile Hotspot
  12. 12. www.securitymetrics.com Wenlock Free VP Business Development wfree@securitymetrics.com

Editor's Notes

  • The Payment Card Industry Security Standards Council (PCI SSC) was created by the major card brands (MasterCard Worldwide, Discover Financial Services, American Express, JCB International, and Visa Inc.). The PCI Council then created the Payment Card Industry Data Security Standard (PCI DSS) to reduce payment card theft and electronic data loss.

    What is the PCI DSS?
    The PCI DSS is a list of twelve card-handling practices merchants must follow to accept payment cards. This standard details how to securely handle, process, and store sensitive payment card data.
    Who is required to comply with PCI DSS?
    All merchants that accept Visa, MasterCard, Discover, AMEX, or JCB are required to comply with the PCI DSS.
  • The Payment Card Industry Security Standards Council (PCI SSC) was created by the major card brands (MasterCard Worldwide, Discover Financial Services, American Express, JCB International, and Visa Inc.). The PCI Council then created the Payment Card Industry Data Security Standard (PCI DSS) to reduce payment card theft and electronic data loss.

    What is the PCI DSS?
    The PCI DSS is a list of twelve card-handling practices merchants must follow to accept payment cards. This standard details how to securely handle, process, and store sensitive payment card data.
    Who is required to comply with PCI DSS?
    All merchants that accept Visa, MasterCard, Discover, AMEX, or JCB are required to comply with the PCI DSS.
  • The Payment Card Industry Security Standards Council (PCI SSC) was created by the major card brands (MasterCard Worldwide, Discover Financial Services, American Express, JCB International, and Visa Inc.). The PCI Council then created the Payment Card Industry Data Security Standard (PCI DSS) to reduce payment card theft and electronic data loss.

    What is the PCI DSS?
    The PCI DSS is a list of twelve card-handling practices merchants must follow to accept payment cards. This standard details how to securely handle, process, and store sensitive payment card data.
    Who is required to comply with PCI DSS?
    All merchants that accept Visa, MasterCard, Discover, AMEX, or JCB are required to comply with the PCI DSS.

×