Hacking Point of Sale

The recent batch of mega retailers that have been compromised, including Target, Neiman Marcus and Michaels, has revealed just how vulnerable payment systems are. Even with sophisticated tools, strong security policies, updated regulatory requirements such as PCI v3 and other measures to mitigate these attacks, hackers are still able to compromise the systems by taking advantage of inherent vulnerabilities in payment systems.

In this webcast, payment systems expert Slava Gomzin, author of Hacking Point of Sale: Payment Application Secrets, Threats, and Solutions, will show us how retailers such as Target were compromised, what went wrong, failures in PCI to address all vulnerabilities and how these types of breaches can be prevented in the future.

Webcast participants will also receive a free sample chapter of Slava’s book on “Payment Application Architecture,” which provides a detailed overview of how payment systems work, protocols and their weaknesses.

Published in: Technology
  • WinHex Forensic Utility
  • WireShark Network Sniffer
  • Combining log intelligence, vulnerability data and security configuration information, we are then able to answer key security questions important to the business, for true security intelligence. Instead of simply providing reports we are able to answer specific questions with confidence, such as what systems are vulnerable, what systems are being attacked, which have already been compromised, which should we fix first, have we seen this before, when was it in a trusted state.
  • The basic idea of log intelligence is to make sense of the seemingly disparate events that are happening in your environment.
    <change slide>

    Usually this consists of log data from user systems, security devices, applications and other sources
    <change slide>

    In addition to this data, Tripwire also brings in additional layers of information including data from our Vulnerability Management solution as well as Security Configuration data. We are able then to correlate events, vulnerabilities and system state which provides higher resolution and business context around what is happening in your environment.
    <change>

    Through our powerful integrated correlation engine we provide actionable real-time intelligence which can trigger alerts, or actions such as automated remediation, or work with additional tools such as our certified integration with ArcSight, or a number of our other Technology Alliance Partners and other systems.
    <change>

    Tripwire also provides secure archives of this data paired with powerful security analytics and forensics tools for security and compliance.
  • The fact they did not have the network their vendors had access to separated from their POS is troubling. Additionally they should have had logging in place to monitor and keep track of vendor activity on their network. With Tripwire Log Center we have rules out of the box that help organizations monitor user activity closely on the network and correlate events across the network. Tripwire IP360 is our vulnerability management solution that is used by organizations to monitor and track where their systems are weak.
  • Hypothetical Target Attack – post on our blog in December before the breach was discovered.

    Important to catch attackers in the act. When can you catch them and where is your best chance.

    Recon, enumeration. In this case they found an HVAC vendor with access to Target. Small chance to detect at the recon phase.

    Exploitation and entrenchment: 2 weeks they could exfiltrate data, greater and greater chance of catching them

    Then they will cover their tracks if they are a good attacker



  • Loaded a piece of malware onto a patch server, distributed to 1,800 stores across North America, 30 POS

    Malware pulled the credit card data out of memory, but it was updating a file share

    40 million credit cards


    Online Retailer:
    Plagued by outages on their webservers

    Security story: SQL injection at department store, batch file.

    Automated cyber-security intelligence, including:
    Security gap analysis
    Proof of compliance
    Executive reports for risk and compliance trending.

    Sharing the techniques to:
    Eliminate security gaps
    Become compliant
    Improve risk ratings

    Automated Remediation:
    Fix compliance issues with the push of a button
    Approval workflows


    Device Support: “You can go big with TW” – think enterprise with us.

  • 50K devices being changed on Black Friday.

    A lot of file integrity monitoring solutions simply run a scan at a set interval, some even a month apart. Continuous monitoring is critical in retail given the velocity and change.

    Every time a card was swiped they could have detected it.

    Configured to not create file shares, the data could not have been exfiltrated.

    It took 7 days for them to send this information, they could have caught it in 6 days and would have avoided the breach.

    We would have caught it in the first credit card swipe.




  • Thank you for your questions

    Thanks again to Charles Kolodgy from IDC for joining us today and sharing his thoughts on Vulnerability Management, and thanks to all of you for attending.

    We hope that you found the presentation informative and interesting. Remember to rate and comment on this webcast, in the Ratings section. And be on the lookout for an email from me with the on-demand link to this event. Have a great week!