Ep 15: Ill Tills

April 01, 2018

TLDR: A major retailer's point-of-sale machines were hacked and found to contain malware after a digital forensics investigation. The responders were able to identify the malware and stop its spread, although it is unclear how much customer data was ultimately leaked.

  • The Reality of Cybersecurity: Even Major Retailers Aren't Immune to Hacks

    No company is completely safe from the threat of cyber attacks, regardless of its size or industry. Proper preventative measures and incident response plans are crucial to mitigating potential damage.

    A major retail outlet was hacked, and the stolen credit cards ended up for sale on the black market. The outlet found out from an email from its credit card brand and hired a consulting firm, Kroll, to investigate its network. Incident responders Courtney Dayter and Matt Bromiley, both used to working on larger cases, specifically cases involving finance and retail, were the team hired to find, isolate, and fix the problems. With thousands of stores in the US and many more across Europe and Asia, the outlet had both its online and physical stores' computers connected to the network, which made the breach easier. This case shows that even the largest companies in the world can be victims of hacks.

  • Incident Response for a Large Retail Company

    Swift identification and isolation of suspicious systems, together with monitoring of network logs and IP addresses, can lead to tracking down malware and compromise, protecting sensitive data from being leaked or breached.

    Incident response for the global retail company started from two directions at once: understanding what data had leaked and checking for every possible point of breach. The team deployed the necessary technical tooling, Carbon Black for endpoint monitoring and analysis, and then spread out through the environment. The monitoring software and antivirus at the stores couldn't detect the anomalies, but identifying a set of computer systems acting suspiciously and taking them offline helped track down thousands of malicious files containing encrypted data. Using logs and tracking IP addresses, they discovered 1,200 compromised systems and identified specific malware variations. The malware scraped card data from memory and sent it to a central repository system, while also writing it to an output file with specific extensions.

  • Retail Company's Massive Credit Card Breach Linked to Global Cybercrime Ring

    Robust cybersecurity measures and regular system monitoring are essential for companies to prevent and minimize the damage of data breaches, while customers should monitor their credit card statements for unauthorized transactions.

    Thousands of cash registers in the retail company were compromised with malware that scraped every credit card processed and leaked the data out of the network. Criminals used the stolen card data to withdraw cash from ATMs or buy gift cards to launder money, making serious cash off the retail company. The team found the same type of infrastructure in North America, Europe, and Asia Pacific. The investigators feared the amount of data stolen and accessed could run into millions of credit card numbers. Companies should have robust cybersecurity measures and regularly monitor their systems to prevent such malicious activity and minimize the damage in case of a breach. Customers should also be vigilant and monitor their credit card statements for any unauthorized transactions.

  • Uncovering a New Variant of Tiny POS Malware and Its Impact on Point of Sale Systems

    It is crucial for businesses to regularly update their antivirus software and implement additional security measures to protect their point of sale systems from new and evolving malware like the Tiny POS malware.

    The team uncovered a new variant of Tiny POS malware that was writing scraped card data directly over the wire to the central pivot points the attackers used for card scraping. The antivirus installed on the registers wasn't able to pick up this malware, which was less than 6 KB in size. Surprisingly, not only 80% of the point of sale registers but also back-of-house systems had the malware and were being scraped for data. Delivering such news to the client is never easy, and the team had to call them with the shocking discovery. The lawyers play a crucial role in verifying the findings and processing them, but there is always some hesitancy, to avoid raising false alarms.

  • Understanding the Extent of a Credit Card Data Breach and Mitigating Its Impact

    In the case of a credit card data breach, it is important to assess the scope and size of the breach using digital forensics. Identifying the origin and duration of the breach and removing invalid card numbers will help mitigate the impact.

    In a credit card data breach, it is essential to quantify the extent of the damage: the size and scope of the breach along with the exact period for which the data was compromised. Digital forensics can help establish the duration and origin of the breach and whether it was a targeted attack or the result of phishing. Phishing is when a hacker targets an employee to get them to click on malicious links or documents that infect the system and give the hackers access. Credit card companies ask for details and proof in the event of a breach, so identifying and removing duplicate and invalid card numbers from the exposed data is crucial.

  • Protecting Data Through Vigilant Monitoring and Patching

    Companies must take a multi-pronged approach to cybersecurity by updating their servers and monitoring network activity regularly. Creating a team dedicated to tracking breaches is critical to protecting data.

    Malware attackers can gain access to historical unencrypted data and use it to steal credit card information from years ago. Taking servers offline and patching network holes can help stop attackers from re-entering, but companies must also be vigilant in tracking down all the back doors and phishing campaigns the attackers used. The speed at which attackers can re-compromise multiple machines speaks to how long they have been in the network, highlighting the importance of regularly monitoring network activity to detect and prevent intrusions. Having a dedicated team to find and track down potential breaches is essential to protecting company and customer data, even if breaches are inevitable.

  • Preventing Malware Attacks with Proper Network Security

    Network security measures such as password changes and encryption help prevent malware attacks. Back doors installed by hackers can give them access to systems even after removal, but tracking their movements and global infrastructure can help stop them. Sharing findings with companies improves their security and helps prevent similar attacks in the future.

    Proper network security measures, such as password changes and encryption, can prevent malware attacks. Back doors installed by hackers let them regain access to systems and control them even after they have been removed from the network. The team was able to track the hackers' movements and quickly remediate the attack, but attributing the attack to the person responsible is often difficult. Mapping out the attackers' global infrastructure allowed the team to gain control over the attack and prevent any more credit card information from being stolen. The team's findings were shared with the company to improve its security and prevent similar attacks in the future.

  • Asia Top Target for Hackers with Massive Data Breach

    Hackers are targeting Asia as a prime location for cyber attacks and data breaches. Companies should take proactive measures to protect customer data and issue new cards to those impacted by these breaches.

    Asia had the highest number of unique back doors installed, with almost every system compromised. The compromise started in Southeast Asia. The final number of credit cards stolen was almost 100,000. These cards are likely to be sold in bulk somewhere for $10-$100 each, potentially making the hackers a million dollars. The breach was not as heavily covered by news outlets as previous breaches like Home Depot and Target. However, this breach severely impacts the individuals whose cards were stolen, and it falls on the company to work with banks and credit card companies to issue new cards.

  • The Importance of Cybersecurity: Stories of Cyber Attacks and Prevention Efforts

    Cyber attacks can have severe consequences and impact business and personal life. It is crucial to stay informed and take steps to protect yourself. Collaborating with security professionals and promoting awareness is essential for preventing future attacks.

    The consequences of cyber attacks can be severe, as seen in Tom's story: his card data was stolen and used fraudulently, his business was negatively impacted, and his life was majorly interrupted. However, there are security professionals like Courtney and Matt who work to detect and report new strains of malware to antivirus companies, helping to prevent future attacks. The importance of cybersecurity cannot be overstated, and it is crucial to stay informed about the latest threats and take steps to protect yourself and your business. Growing awareness of the importance of cybersecurity is a collective effort, and everyone can play a part in promoting it to others.
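The breach-scoping step from the item on quantifying exposure, as an added example that is not from the episode or Kroll's tooling: differently formatted copies of the same PAN are collapsed to one, and numbers that fail the Luhn check are dropped, so the count reported to the card brands reflects unique, plausibly valid cards. The PANs in the sample are publicly documented test numbers and constructed junk, not real cards; the function names are my own.

```python
import re
from typing import Dict, Iterable

def luhn_valid(pan: str) -> bool:
    """True if the digit string passes the Luhn check used for card numbers."""
    if not pan.isdigit() or not 12 <= len(pan) <= 19:
        return False
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9          # same as summing the two digits of the product
        total += d
    return total % 10 == 0

def normalize(raw: str) -> str:
    """Strip spaces and dashes so one card captured in two formats dedups to one."""
    return re.sub(r"[\s-]", "", raw.strip())

def scope_exposure(records: Iterable[str]) -> Dict[str, int]:
    """Count raw captures, unique PANs, and how many unique PANs are Luhn-valid."""
    raw = 0
    unique = set()
    for rec in records:
        raw += 1
        unique.add(normalize(rec))
    valid = {p for p in unique if luhn_valid(p)}
    return {"raw_records": raw, "unique": len(unique),
            "valid_unique": len(valid), "invalid_unique": len(unique) - len(valid)}

# Constructed sample of what a scraper output file might hold: published test
# PANs (4111..., 5500..., 3782...) plus a truncated capture and two bad checksums.
SAMPLE_RECORDS = [
    "4111111111111111",
    "4111 1111 1111 1111",   # same PAN, different formatting
    "4111-1111-1111-1111",   # same PAN again
    "5500000000000004",
    "378282246310005",
    "1234567890123456",      # fails Luhn
    "4111111111111112",      # fails Luhn
    "411111",                # truncated capture, too short to be a PAN
]

if __name__ == "__main__":
    print(scope_exposure(SAMPLE_RECORDS))
```

Eight captured records collapse to six unique numbers, of which only three are plausible cards to report.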
