- ARJUN B.M.
The Art of Exfiltration
DIGITAL SKIMMING
About
• A security professional with diverse experience in architecting, designing, implementing and supporting IT Security and Vulnerability Management solutions in enterprise and cloud environments
• Currently working for a retail major as a Security Architect, ensuring end-to-end implementation, design and governance of security measures for the Digital & Marketing space on an e-commerce platform
Outline
• Context and Introduction
• Threat Actors and Modus Operandi
• Challenges and Countermeasures
The Nation Wants To Know…
WHAT  17,000 domains compromised, July 2019
WHO   Cybercriminals (Magecart)
WHY   Misconfigured Amazon S3 buckets (public WRITE permission)
HOW   JavaScript-based payment card-skimming code is written over the existing JavaScript files in the bucket, so every page that loads those files serves the skimmer
WHO (targets)  FILA, British Airways, Feedify
Source: https://www.riskiq.com/blog/labs/magecart-amazon-s3-buckets
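The root cause on this slide, a bucket whose ACL grants WRITE to everyone, is something you can check for yourself. The script below is an added example, not code from the talk: it evaluates the JSON that `aws s3api get-bucket-acl --bucket NAME` and `aws s3api get-bucket-policy --bucket NAME` return and flags buckets an anonymous party could write to. The bucket names, grants and policy are constructed sample data; no AWS call is made.

```python
"""Added example (not from the slides): flag S3 buckets that anyone can write to,
the misconfiguration Magecart used to overwrite hosted JavaScript.

The inputs are constructed to mirror the JSON returned by
`aws s3api get-bucket-acl --bucket NAME` and `aws s3api get-bucket-policy --bucket NAME`;
no AWS call is made, so the script runs offline. Bucket names are placeholders."""

# Grantee URIs AWS uses for "everyone" and "any AWS account". Both are public for our
# purposes: an attacker only needs some AWS account to fall into the second group.
PUBLIC_GROUP_URIS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
# ACL permissions that let the grantee modify objects or the ACL itself.
WRITE_PERMISSIONS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}


def public_write_grants(acl):
    """ACL grants that give a public group a write-capable permission."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        public = grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUP_URIS
        if public and grant.get("Permission") in WRITE_PERMISSIONS:
            findings.append(f"ACL {grant['Permission']} -> {grantee['URI'].rsplit('/', 1)[-1]}")
    return findings


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principal_is_public(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def _action_allows_write(action):
    a = action.lower()
    return a in ("*", "s3:*") or a.startswith("s3:put") or a.startswith("s3:delete")


def public_write_statements(policy):
    """Allow statements that let an anonymous principal create, overwrite or delete objects.
    Conditions are deliberately ignored: a statement that is only safe because of a
    Condition block still deserves a human look."""
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _principal_is_public(stmt.get("Principal")):
            continue
        writes = [a for a in _as_list(stmt.get("Action", [])) if _action_allows_write(a)]
        if writes:
            findings.append(f"policy {stmt.get('Sid', '<no Sid>')}: {','.join(writes)}")
    return findings


def assess_bucket(name, acl, policy=None):
    findings = public_write_grants(acl) + (public_write_statements(policy) if policy else [])
    return {"bucket": name, "public_write": bool(findings), "findings": findings}


# Constructed sample data: one bucket with the exact misconfiguration from the slide
# (AllUsers granted WRITE) and one that is only publicly readable.
ALL_USERS = {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}
OWNER = {"Type": "CanonicalUser", "ID": "example-owner-id"}
SAMPLE_ACLS = {
    "shop-static-assets": {"Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
        {"Grantee": ALL_USERS, "Permission": "READ"},
        {"Grantee": ALL_USERS, "Permission": "WRITE"},
    ]},
    "shop-public-images": {"Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
        {"Grantee": ALL_USERS, "Permission": "READ"},
    ]},
}
SAMPLE_POLICIES = {
    "shop-public-images": {"Version": "2012-10-17", "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::shop-public-images/*"},
    ]},
}


def audit(acls=SAMPLE_ACLS, policies=SAMPLE_POLICIES):
    return [assess_bucket(name, acl, policies.get(name)) for name, acl in acls.items()]


if __name__ == "__main__":
    for result in audit():
        print(result["bucket"], "PUBLIC WRITE" if result["public_write"] else "ok", result["findings"])
    # Remediation (AWS CLI, not run here): turn on S3 Block Public Access for the bucket.
    # aws s3api put-public-access-block --bucket NAME --public-access-block-configuration \
    #   BlockPublicAcls=true,IgnorePublicAcls=true,BlockPublicPolicy=true,RestrictPublicBuckets=true
```

Feed it the real ACL and policy JSON for each bucket that serves site assets; a bucket that is only publicly readable is fine for a CDN origin, but any public WRITE, WRITE_ACP or FULL_CONTROL grant, or a policy that lets Principal "*" put or delete objects, is the precondition for this attack. The Block Public Access setting in the trailing comment prevents such grants from taking effect even if someone re-adds them later.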
Attack flow (diagram): the actors are the attacker, an attacker-controlled server, the e-commerce website and the online user
- The attacker scans for vulnerable websites and injects malicious JS code into the e-commerce website
- The online user enters payment card details on the checkout page to make an online purchase
- The injected JS code steals the payment card information and sends it to the attacker-controlled server
- Monetization: reshipping via mules, or selling the card data to other cybercriminals
Anatomy of a Digital Skimmer
Threat Vectors
The “How” of Digital Skimming
- Misconfigured S3 Buckets
- Compromise of Third-party Components
- Outdated or Unpatched Versions of Software
- Application Vulnerabilities (SQLi)
Threat Vectors
Attack Patterns & Signatures
- Groups 1, 2 & 3: automated spray & pray attacks
- Group 4: obfuscation & stealth
- Group 5: hacks third-party suppliers
- Group 6: extremely selective, top-tier targets
Challenges
• Lack of visibility into online resources
• Dependency on third parties
• Diversity of attack types: obfuscation, bitcoin miners, noisy techniques
• Detection is difficult
Countermeasures
• JavaScript controls: inventory, reduction & hosting
• Hardening procedures: patching, 3rd-party plugins, 2FA
• Process & policy: vendor evaluation, monitoring, control of code changes
Countermeasures
• Website configuration settings: CSP, SRI, HTTPS, iframe
CSP HEADER
Content-Security-Policy: script-src https://example.com/
Content-Security-Policy: require-sri-for script;
(require-sri-for is a deprecated, non-standard directive that current browsers ignore; enforce SRI through code review and the build rather than relying on it)
SRI
<script src="https://example.com/example-framework.js"
        integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC"
        crossorigin="anonymous"></script>
(crossorigin="anonymous" is required for SRI on a cross-origin script; if the fetched file does not match the hash the browser refuses to execute it)
iFRAME
X-Frame-Options: DENY
X-Frame-Options: SAMEORIGIN
(the CSP equivalent is frame-ancestors 'none' or frame-ancestors 'self')
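The JavaScript inventory from the previous Countermeasures slide and the CSP/SRI settings on this one fit together: the inventory tells you which origins belong in script-src and which cross-origin scripts still load without an integrity attribute. The script below is an added example, not from the talk. It parses a checkout page, lists third-party scripts, flags the ones without SRI, computes and verifies an integrity value the way the browser does, and derives a script-src allowlist. The checkout page, the script body and the hostnames (shop.example, cdn.example.net, tag.analytics-vendor.example) are constructed placeholders.

```python
"""Added example (not from the slides): inventory the <script> tags on a checkout page,
flag cross-origin scripts that lack Subresource Integrity, compute and verify an
integrity value the way the browser does, and derive a CSP script-src allowlist from
the inventory. The page HTML, script body and hostnames below are constructed."""
import base64
import hashlib
import hmac
from html.parser import HTMLParser
from urllib.parse import urlsplit

PAGE_ORIGIN = "https://shop.example"   # assumed first-party origin of the checkout page


class ScriptInventory(HTMLParser):
    """Collect every <script>: external ones with src/integrity/crossorigin, inline as a count."""

    def __init__(self):
        super().__init__()
        self.external = []
        self.inline = 0

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        a = dict(attrs)
        if a.get("src"):
            self.external.append({"src": a["src"], "integrity": a.get("integrity"),
                                  "crossorigin": "crossorigin" in a})
        else:
            self.inline += 1


def sri_value(body, algo="sha384"):
    """Integrity attribute value for a resource body: '<algo>-<base64 digest>'."""
    digest = hashlib.new(algo, body).digest()
    return f"{algo}-{base64.b64encode(digest).decode()}"


def verify_sri(body, integrity):
    """True if the body matches any token of the integrity attribute (tokens are space-separated)."""
    for token in integrity.split():
        algo, _, _ = token.partition("-")
        if algo in ("sha256", "sha384", "sha512") and hmac.compare_digest(sri_value(body, algo), token):
            return True
    return False


def origin_of(url, page_origin=PAGE_ORIGIN):
    parts = urlsplit(url)
    if not parts.netloc:                      # relative URL: same origin as the page
        return page_origin
    return f"{parts.scheme or 'https'}://{parts.netloc}"


def review(html, page_origin=PAGE_ORIGIN):
    """Third-party scripts, SRI gaps, inline-script count and a CSP script-src allowlist."""
    inv = ScriptInventory()
    inv.feed(html)
    third_party, missing_sri, origins = [], [], set()
    for s in inv.external:
        origin = origin_of(s["src"], page_origin)
        origins.add(origin)
        if origin == page_origin:
            continue
        third_party.append(s["src"])
        # A cross-origin script needs both integrity= and crossorigin= (CORS mode);
        # without crossorigin the browser cannot check the hash and will not run the script.
        if not s["integrity"] or not s["crossorigin"]:
            missing_sri.append(s["src"])
    others = sorted(o for o in origins if o != page_origin)
    csp = ("Content-Security-Policy: script-src 'self' " + " ".join(others)).rstrip()
    # Inline scripts are blocked by this policy unless they are moved to files or nonced.
    return {"third_party": third_party, "missing_sri": missing_sri,
            "inline_scripts": inv.inline, "csp": csp}


# Constructed checkout page: one first-party script, one pinned vendor script, one
# unpinned tag-manager loader and one inline snippet.
SAMPLE_CHECKOUT_HTML = """<html><head>
<script src="/static/checkout.js"></script>
<script src="https://cdn.example.net/example-framework.js"
        integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC"
        crossorigin="anonymous"></script>
<script src="https://tag.analytics-vendor.example/loader.js"></script>
<script>window.dataLayer = [];</script>
</head><body><form id="payment"></form></body></html>"""

if __name__ == "__main__":
    report = review(SAMPLE_CHECKOUT_HTML)
    for key, value in report.items():
        print(f"{key}: {value}")
    # Pinning the unpinned loader: hash the exact file you reviewed, then add the attribute.
    reviewed_body = b"/* constructed stand-in for the reviewed loader.js */"
    print("integrity for loader.js:", sri_value(reviewed_body))
```

Run it against a saved copy of the real checkout page. The csp value is a starting point to ship as Content-Security-Policy-Report-Only before enforcing it, and the integrity value must be computed from the exact file you reviewed: after that, any upstream change to the vendor script, legitimate or not, breaks the load instead of silently running in the checkout page.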
Conclusion
• Build defenses against known attack patterns and watch
out for the unknown
• Collaborative sharing between impacted organizations,
security researchers and law enforcement
Thank you
arjun.bm@target.com

Root conf digitalskimming-v3
