Security and Data Breach
What & How it Happened? How to Mitigate?
Bobby Limitra
Solutions Engineer, F5 Networks
“Data Breach is a security violation in which sensitive, protected or confidential data is copied, transmitted, viewed, stolen or used by an individual unauthorized to do so”
Data Breaches
In the last 8 years more than 7.1 billion identities have been exposed in data breaches.
[Figure: breach sizes shown on the slide: 70 million accounts; 427 million accounts; 150 million accounts; 3 billion accounts; 117 million accounts]
Nearly 3 out of 4 consumers use duplicate passwords, many of which have not been changed in five years or more.
Sources:
1. Symantec Internet Security Threat Report, April 2017
2. https://www.entrepreneur.com/article/246902#
[Figure: many username/password pairs labelled “Credentials from Previous Breaches” are replayed against targets holding credit card data, intellectual property, healthcare data, passport data and financial data]
• Educate employees / customers and boost security awareness
• Bot detection & prevention
• Design your login form so that it is impossible for the attacker’s bot to recognize the fields
• Use multifactor authentication
• Monitor for failed authentication attempts
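The last bullet, monitoring failed authentication attempts, is what catches the replay of credentials from previous breaches shown in the figure above. The following is an added example, not code from the slides: it runs a simple detector over constructed authentication log lines. The signal it looks for is one source trying many distinct usernames with a high failure rate inside a short window; a single user failing repeatedly (a forgotten password) is deliberately left unflagged. The log format, IP addresses, usernames and thresholds are all constructed for this example.

```python
"""Added example (not from the slides): flag replayed breach credentials in
constructed authentication log lines.

Credential replay looks like one source trying MANY DISTINCT usernames with a
high failure rate. One user failing repeatedly looks like a forgotten
password, so that case is deliberately not flagged."""
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed log format: "<ISO timestamp> <source ip> <username> <LOGIN_OK|LOGIN_FAIL>"
SAMPLE_LOG = """\
2024-05-01T10:00:01 203.0.113.7 alice LOGIN_FAIL
2024-05-01T10:00:02 203.0.113.7 bob LOGIN_FAIL
2024-05-01T10:00:03 203.0.113.7 carol LOGIN_FAIL
2024-05-01T10:00:04 203.0.113.7 dave LOGIN_FAIL
2024-05-01T10:00:05 203.0.113.7 erin LOGIN_FAIL
2024-05-01T10:00:06 203.0.113.7 frank LOGIN_OK
2024-05-01T10:01:00 198.51.100.4 grace LOGIN_FAIL
2024-05-01T10:01:20 198.51.100.4 grace LOGIN_FAIL
2024-05-01T10:01:40 198.51.100.4 grace LOGIN_FAIL
2024-05-01T10:02:00 198.51.100.4 grace LOGIN_FAIL
2024-05-01T10:02:20 198.51.100.4 grace LOGIN_FAIL
2024-05-01T10:02:40 198.51.100.4 grace LOGIN_FAIL
2024-05-01T10:03:00 198.51.100.4 grace LOGIN_OK
2024-05-01T10:05:00 192.0.2.10 heidi LOGIN_OK
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (LOGIN_OK|LOGIN_FAIL)$")


def parse_log(text):
    """Parse log lines into (timestamp, ip, username, outcome) tuples; skip malformed lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, ip, user, outcome = m.groups()
            events.append((datetime.fromisoformat(ts), ip, user, outcome))
    return events


def detect_credential_stuffing(events, window=timedelta(minutes=5),
                               min_users=5, min_fail_ratio=0.8):
    """Return {ip: summary} for each source that, inside some sliding window,
    tried at least `min_users` distinct usernames with a failure ratio of at
    least `min_fail_ratio`. The thresholds are illustrative; tune them to
    your own traffic."""
    by_ip = defaultdict(list)
    for ts, ip, user, outcome in sorted(events):
        by_ip[ip].append((ts, user, outcome))

    flagged = {}
    for ip, evs in by_ip.items():
        start = 0
        for end in range(len(evs)):
            # Advance the window start until the span covers at most `window` of time.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            span = evs[start:end + 1]
            users = {u for _, u, _ in span}
            fails = sum(1 for _, _, o in span if o == "LOGIN_FAIL")
            ratio = fails / len(span)
            if len(users) >= min_users and ratio >= min_fail_ratio:
                flagged[ip] = {"distinct_users": len(users),
                               "attempts": len(span),
                               "fail_ratio": round(ratio, 2)}
                break  # one alert per source is enough for this example
    return flagged


if __name__ == "__main__":
    for ip, summary in detect_credential_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"ALERT {ip}: {summary}")
```

Run as written, only 203.0.113.7 is reported (five distinct usernames, all failures, within five seconds); 198.51.100.4 fails six times but against a single account and is left alone. In production the same logic would key on the source network or device fingerprint as well as the IP, since the bots the slide mentions are usually spread across many addresses.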
• Formjacking uses code injected by an attacker to siphon payment card information from an online form and deliver it to the attacker
• The recent rise of formjacking indicates that any organization that accepts payment card information over the web is going to have their shopping cart targeted, regardless of sector
Confidential / / Part of F5
Formjacking / Magecart
A typical Add Payment page loads JavaScript from a dozen sources:
https://cdn.appdynamics.com/adrum/adrum-latest.js
https://cdn.gladly.com/assets/chat-sdk/fece5b8abfb/main.js
https://cdn.krxd.net/ctjs/controltag.js
https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/md5.js
https://connect.facebook.net/en_US/fbevents.js
https://d1fc8wv8zag5ca.cloudfront.net/2.10.2/sp.js
https://d2wy8f7a9ursnm.cloudfront.net/bugsnag-2.min.js
https://fullstory.com/s/fs.js
https://js.stripe.com/v2/
https://s.btstatic.com/tag.js
https://secure.flyr.io/v3/js/flyr.js
https://tag.bounceexchange.com/1907/i.js
https://uwhfgjlv.micpn.com/p/js/1.js
https://vt.myvisualiq.net/2/tDogjioRT72xXtfNK23F7A%3D%3D/vt-77.js
Magecart on British Airways (facing US$230M fine)
SOURCE: https://www.riskiq.com/blog/labs/magecart-british-airways-breach/
Compromised file: https://www.britishairways.com/cms/global/scripts/lib/modernizr-2.6.2.min.js
• Injection Detection
• Inventory
• Patching
• Scanning
• Change Control
• Multi-Factor Authentication (MFA)
• Web Application Firewall (WAF)
• Server tools (e.g. CSP, SRI)
• Monitor for newly registered domains and certificates that use your brand
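The Inventory, Injection Detection and Change Control bullets, and the CSP and SRI server tools, all come down to one thing: knowing exactly which scripts the payment page loads and pinning each to the hash of its reviewed content. The British Airways case above is the failure mode, a single trusted file (modernizr) modified in place. The following is an added example, not code from the slides or from F5: it builds such an inventory with Subresource Integrity hashes, emits the script tags and a Content-Security-Policy script-src directive derived from it, and checks a later fetch for modified, missing or unapproved scripts. The URLs come from the slide; the script bodies are constructed stand-ins for files that would have to be fetched and reviewed first.

```python
"""Added example (not from the slides): a script inventory pinned with
Subresource Integrity (SRI) hashes, the CSP line derived from it, and a check
that reports modified, missing or unapproved scripts on a later fetch."""
import base64
import hashlib
from urllib.parse import urlsplit


def sri_hash(content: bytes, algo: str = "sha384") -> str:
    """Return the SRI integrity value for script bytes, e.g. 'sha384-<base64 digest>'."""
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(url: str, content: bytes) -> str:
    """Build the <script> tag that makes the browser enforce the pinned hash.
    crossorigin="anonymous" is required for SRI checks on cross-origin scripts."""
    return (f'<script src="{url}" integrity="{sri_hash(content)}" '
            f'crossorigin="anonymous"></script>')


def build_inventory(reviewed: dict) -> dict:
    """url -> SRI hash of the content that was reviewed and approved."""
    return {url: sri_hash(body) for url, body in reviewed.items()}


def build_csp(inventory: dict) -> str:
    """Derive a script-src directive that allows only the inventoried origins."""
    origins = sorted({f"{u.scheme}://{u.netloc}" for u in map(urlsplit, inventory)})
    return "Content-Security-Policy: script-src 'self' " + " ".join(origins)


def check_inventory(inventory: dict, fetched: dict) -> dict:
    """Compare freshly fetched script bodies against the pinned hashes.
    Per URL: 'ok', 'MODIFIED' (hash changed), 'MISSING' (no longer served)
    or 'UNINVENTORIED' (the page now loads a script nobody approved)."""
    result = {}
    for url, expected in inventory.items():
        if url not in fetched:
            result[url] = "MISSING"
        elif sri_hash(fetched[url]) != expected:
            result[url] = "MODIFIED"
        else:
            result[url] = "ok"
    for url in fetched:
        if url not in inventory:
            result[url] = "UNINVENTORIED"
    return result


# Constructed script bodies standing in for the reviewed third-party files.
REVIEWED = {
    "https://js.stripe.com/v2/": b"/* reviewed stripe v2 build */",
    "https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/md5.js": b"/* reviewed md5 rollup */",
    "https://fullstory.com/s/fs.js": b"/* reviewed fs.js */",
}
INVENTORY = build_inventory(REVIEWED)

# Constructed later fetch: one file changed, one vanished, one unapproved script appeared.
FETCHED_LATER = {
    "https://js.stripe.com/v2/": b"/* reviewed stripe v2 build */",
    "https://cdnjs.cloudflare.com/ajax/libs/crypto-js/3.1.2/rollups/md5.js": b"/* reviewed md5 rollup */ /* unexpected change */",
    "https://tag.bounceexchange.com/1907/i.js": b"/* never reviewed */",
}

if __name__ == "__main__":
    for url, body in REVIEWED.items():
        print(script_tag(url, body))
    print(build_csp(INVENTORY))
    for url, status in check_inventory(INVENTORY, FETCHED_LATER).items():
        print(f"{status:14} {url}")
```

The browser-side tag and the server-side check use the same hash, so a script that fails check_inventory is exactly one the browser would refuse to run. SRI only works for scripts whose content is fixed (a versioned build, not a "latest" URL that legitimately changes), which is one reason the inventory and change-control steps on the slide come before the technical controls.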
Security in DevOps?
• DevOps adoption is increasing, but security typically remains an afterthought.
• Security has largely been divorced from software development.