©2015 Check Point Software Technologies Ltd. 1 [Protected] Non-confidential content Hartford Tech Summit Nuno Sousa | Check Point Security Engineer Eric.


1 ©2015 Check Point Software Technologies Ltd. [Protected] Non-confidential content. Hartford Tech Summit: RETAIL SECURITY. Nuno Sousa | Check Point Security Engineer; Eric O’Malley | Check Point Strategic Account Manager; Dan Greco | Iovations Account Manager

2 Home Depot - Neiman Marcus - Michaels - Sally Beauty - P.F. Chang's - Goodwill - Jimmy John's - UPS - Dairy Queen - Kmart - Staples - BeBe - Yellow Cab - Checker Cab - Shop 'n Save - Shoppers Food - Albertsons - Acme - Flagship Car Wash - Cub Foods - Farm Fresh - Supervalu - Hornbacher's - Jewel-Osco - Shaw's - Star Market - Taxi Affiliation Services - Dispatch Taxi - Micrologic Associates - Signature Systems Inc. - Roman Delight - Antonellis Pizza - Italian Touch - Lost Pizza Co. - Pizza King - Joe's Pizza and Pasta - Lott - Springdale Pizza - Skin Flints - Grecco's Pizza - Blue Moon Bakery - SaraBella Pizzeria & Desserts - Mister Jim's Submarines - Paisano's Pizza - Pizza King - Angelina's Pizzeria & Restaurant - Giuseppe's Pizza - Piero's Italian Restaurant - Bagel Boys - Donatis Pizza - Glenside Pizza - DeNiros Pizza & Subs - Luigis Pizzarama - Warrington Pizza - Wings to Go - The Pizza Shop II - Spatola's - Casa D'Amico - Wings to Go - Friends Bar & Grill - Paisano's Kingstowne - Joanie's - Hambinos Pizza Co - Joe's Pizza - Middle River Pizzeria - Tony's NY Pizza - Uncle Paul's Pizza - The Corner Café - Paisano's Pizza - Pizza Classica - Costello's Italian Ristorante - Uncle Charlie's Pizza - Joes Pizza & Pasta - Romanellis - Rosatis - Paisano's Pizza - Uncle Oogie's - Tonelli's - Community Pizza - Fat Boys Pizza - Pizza Tugos - Santucci's - Pizzeria Scotty - Casa D' Mama - Johnnys Pizza Di Fiores Pizzeria and Italian Restaurant - Uncle Joe's Pizza - Santucci's - All Town Pizza - Dominick's - Wild West Pizzeria - Abate Apizza - Rosati's - Abate Restaurant - Austin's Bar & Grill - Mister P Pizza & Pasta - La Fogata - Mario's Pizza - Lee's Hoagie House of Horsham - VJ's Diner & Rest - Apollo Pizza - Epheseus Pizza - Garden City Pizza - Valentino's Pizza - The Pizza Place and More - Positano's - Bella Pizza - Rosatis Pizza Pub - Don Franco's - Brother Bruno's - Deniro's - Dolce Carini - Dominick's Pizza & Carryout - Doreen's Pizzeria II - Garlicknot - Joes Pizza & Pasta - Oreland Pizza - Papa Nick's - Royal Pizza - SaraBella - Trattoria Peppino - American United Taxi - Blue Diamond Taxi - Express Systems - Scrubbs - Matt and Jeff's Car - Checkerd Flag Hand Carwash - Desert Express - Atlas Car Wash - Splash Carwash - Mariner Car Wash - Express Car Wash - Legends - Paradise Bay - Classic Auto Spa - Dons Car Wash - Shield System Carwash - Auto Spa - Key Road Car Wash - Blue Wave Car Wash - Spotless Auto Laundrine - Personal Touch Car Wash - Broadway Minute - American Car Wash - Magic Suds Car Wash - Dynamite Auto Wash - The Car Wash - Quick Quack - Waterworks - Mister Car Wash - Wiggy Wash - Supersonic Carwash

3 Cards stolen per breach continues to rise

4 Credit Cards Compromised. Timeline: Mar: Schnucks 2.4M; Dec: Target 40M; June: Carwash POS, P.F. Chang’s 7M; October: Kmart, Staples 1.6M; July: Jimmy John’s, Goodwill 868K; December: BeBe; January: Neiman Marcus 1.1M, Michaels 3M; August: UPS, Dairy Queen, Supervalu; March: Taxi POS, Sally Beauty 282K; September: Signature Systems, Home Depot 56M. Poor security of a POS provider affects hundreds of small businesses.

5 Global PoS Malware Infections

6 Card Fraud goes International. Chip and PIN / Magnet Strip: Stolen card numbers from the US are used globally; Stolen card numbers from Europe are used in the US with magnet strips; Used for online fraud globally

7 DHS Warns US businesses hit by POS malware

8 Cost of Card Replacement: $1.3 Billion

9 Cost of identity theft in US: $24.7 Billion in 2012

10 Average victim cost: $2,294

11 Going rates for stolen POS data (Hacker Products and Services: Price in 2013 / Price in 2014)
Visa and Master Card (US): $4
American Express (US): $7 / $6
Discover Card (US): $8 / $6
Visa and Master Card (UK, CA, AU): $7-8 / $8
American Express (UK, CA, AU): $12-13 / $15 (UK, AU), $12 (CA)
Discover Card (AU, CA): $12 / $15 (AU), $10 (CA)
Visa and Master Card (EU, Asia): $15 / $18-20
Credit Card with Track I, II Data (US): $12
Credit Card with Track I, II Data (EU): $19-20
Source: Dell SecureWorks - Underground Economy

12 Underground Marketplace

13 Carding As A Service

14 Black Friday Specials on Black Market

15 No Free Ride: Judge rules lawsuits against retailers are allowed. Banks can proceed to recoup their costs.

16 HOW DID WE GET HERE?

18 Chip and Pin are no silver bullet either! Having plain-text chip/track data in POS memory will be more of the same problem. While attacks are slightly more involved, vulnerabilities are constantly being found, such as the Pre-Play attack and MitM PIN verification.

19 Major Risks for PoS Terminals: Similar configuration challenges as for PCs; Old OSs and difficulties patching vulnerabilities; On-device security software often not implemented; Inadequate segmentation from corporate network; Moving to Chip and PIN won’t stop malware

20 Attack Vectors: Multiple breaches performed by multiple attackers; Used customized tools that were tailored to specific environments; Enterprise desktop management systems used to push attack tools; Tens of thousands of security events ignored

21 A Look At the Attack Method: Installed malware on PoS devices; Spread horizontally until achieved footprint on PoS network; Moved from third-party network to retail store; Reconnaissance found a third-party network connection

22 Ever Evolving Malware: Dexter, StarDust, BlackPOS, vSkimmer, Decebal, Alina, FrameworkPOS, Backoff, kaptoxa, ChewBacca, JackPOS, Nemanja, Soraya, BrutPOS, Baggage, Triforce, OG, Tripple Threat, goo, MAY, net, LAST, ROM, Getmypass, LucyPOS, Poslogr, d4r3|dev1|

23 Exfiltration: Card data hidden in local .dll file; Malware copied .dll files to network share daily; Known credentials used to access servers; Card data moved to external FTP server

24 Follow the money: Individual credential theft using keyloggers; Wide scale credential theft using malware; Attacks on bank's databases; Attacks on the databases of card processors

25 WHAT CAN WE DO ABOUT IT?

26 Four Steps to Improve PoS Security: (1) Enforce network segmentation; (2) Restrict device access, limit application use and secure data; (3) Leverage Threat Prevention; (4) Integrate security and event management

27 A View Towards Segmentation. Diagram labels: POS terminals; card swiping devices; payment processing center (database server). Callouts: Highest-end security throughput; Back-end system protected; PoS systems isolated from rest of network

28 Use VPNs to Secure Communications: All PoS traffic is isolated from other inter-segment interactions

29 Implement Application Controls With Device Identity Restrictions: Point of Sale systems can communicate only with specific protocols; Logging enabled for forensic purposes; Device identity enforced in the policy

30 Data Security: Define and enforce the flow of Credit Card and other critical data to the expected destination; Any deviation will be prevented; Generate automated alerts and automated isolation from the network.
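
The exfiltration pattern on slide 23 (card data staged in a local .dll file) and the data-flow enforcement on slide 30 both depend on recognising card data where it should not be. The following is an added example, not part of the original presentation or of any Check Point product: a Python check that flags a .dll that lacks the PE "MZ" signature or contains Luhn-valid Track 2 records. The file names, the sample bytes and the MZ heuristic are assumptions made for illustration; the PAN is the common test number 4111111111111111.

```python
import re

# Track 2 layout (ISO/IEC 7813): ';' PAN '=' YYMM + service code + discretionary data '?'
TRACK2 = re.compile(rb";(\d{13,19})=\d{7,}\?")


def luhn_ok(pan: bytes) -> bool:
    """Luhn checksum; filters out digit runs that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = ch - 48  # ASCII digit to int
        if i % 2 == 1:  # double every second digit, counting from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: bytes) -> str:
    """Keep first 6 and last 4 digits so the alert never stores a full PAN."""
    s = pan.decode()
    return s[:6] + "*" * (len(s) - 10) + s[-4:]


def scan_dll(name: str, data: bytes) -> dict:
    """Flag a .dll that is not a PE image or that carries Luhn-valid Track 2 records."""
    hits = [mask(m.group(1)) for m in TRACK2.finditer(data) if luhn_ok(m.group(1))]
    is_pe = data[:2] == b"MZ"  # assumption: a genuine DLL starts with the MZ signature
    return {
        "file": name,
        "is_pe": is_pe,
        "track2_hits": hits,
        "alert": bool(hits) or (name.lower().endswith(".dll") and not is_pe),
    }


# Constructed samples (not real card data): one Luhn-valid test PAN, one invalid digit run.
STAGED = b"\x00junk;4111111111111111=25121010000000000?\n;1234567890123456=25121010000000000?"
GENUINE = b"MZ\x90\x00" + b"\x00" * 64

if __name__ == "__main__":
    for fname, blob in (("sample_staged.dll", STAGED), ("sample_genuine.dll", GENUINE)):
        print(scan_dll(fname, blob))
```

The Luhn filter is what keeps the false-positive rate workable on binary files, where 16-digit runs between `;` and `=` occur by chance.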

31 Threat Prevention is a Must: PCI includes requirements for anti-malware controls primarily for desktops; Recommends but does NOT require additional malware protections; Need to implement Threat Prevention across the network and not just malware monitoring

32 Use integrated event management to follow and break the kill chain

33 First View: All Events. Important events prioritized on a timeline

34 Same Platform Enables Incident Management: Prevented DLP incident triggers event log; With source and destination details; Event type and identifier of exfiltration attempt

35 Aggregation of Multi-Vector Attack Details: Bot incident also identified; Correlates to the same IP address; Enables attribution and identification of method

36 Threat Emulation Finds POS Malware

37 THANK YOU!

