  • Slide 1
  • RETAIL SECURITY. Hartford Tech Summit. Nuno Sousa | Check Point Security Engineer; Eric O'Malley | Check Point Strategic Account Manager; Dan Greco | Iovations Account Manager. ©2015 Check Point Software Technologies Ltd. [Protected] Non-confidential content
  • Slide 2
  • Home Depot - Neiman Marcus Michaels - Sally Beauty - P.F. Chang's Goodwill - Jimmy John's - UPS Dairy Queen - Kmart Staples BeBe - Yellow Cab - Checker Cab - Shop 'n Save - Shoppers Food Albertsons Acme - Flagship Car Wash - Cub Foods - Farm Fresh - Supervalu - Hornbacher's - Jewel-Osco - Shaw's - Star Market - Taxi Affiliation Services - Dispatch Taxi - Micrologic Associates - Signature Systems Inc. - Roman Delight - Antonellis Pizza - Italian Touch - Lost Pizza Co. - Pizza King - Joe's Pizza and Pasta - Lott - Springdale Pizza - Skin Flints - Grecco's Pizza - Blue Moon Bakery - SaraBella Pizzeria & Desserts - Mister Jim's Submarines - Paisano's Pizza - Pizza King - Angelina's Pizzeria & Restaurant - Giuseppe's Pizza - Piero's Italian Restaurant - Bagel Boys - Donatis Pizza - Glenside Pizza - DeNiros Pizza & Subs - Luigis Pizzarama - Warrington Pizza - Wings to Go - The Pizza Shop II - Spatola's - Casa D'Amico - Wings to Go - Friends Bar & Grill - Paisano's Kingstowne - Joanie's - Hambinos Pizza Co - Joe's Pizza - Middle River Pizzeria - Tony's NY Pizza - Uncle Paul's Pizza - The Corner Café - Paisano's Pizza - Pizza Classica - Costello's Italian Ristorante - Uncle Charlie's Pizza - Joes Pizza & Pasta - Romanellis - Rosatis - Paisano's Pizza - Uncle Oogie's - Tonelli's - Community Pizza - Fat Boys Pizza Pizza Tugos - Santucci's - Pizzeria Scotty - Casa D' Mama - Johnnys Pizza Di Fiores Pizzeria and Italian Restaurant - Uncle Joe's Pizza - Santucci's - All Town Pizza - Dominick's - Wild West Pizzeria - Abate Apizza - Rosati's - Abate Restaurant - Austin's Bar & Grill - Mister P Pizza & Pasta - La Fogata - Mario's Pizza - Lee's Hoagie House of Horsham - VJ's Diner & Rest - Apollo Pizza - Epheseus Pizza - Garden City Pizza - Valentino's Pizza - The Pizza Place and More - Positano's - Bella Pizza - Rosatis Pizza Pub - Don Franco's - Brother Bruno's - Deniro's - Dolce Carini - Dominick's Pizza & Carryout - Doreen's Pizzeria II - Garlicknot - Joes Pizza & Pasta - Oreland Pizza - Papa Nick's - Royal Pizza - SaraBella - Trattoria Peppino - American United Taxi - Blue Diamond Taxi - Express Systems - Scrubbs - Matt and Jeff's Car - Checkerd Flag Hand Carwash - Desert Express - Atlas Car Wash - Splash Carwash - Mariner Car Wash - Express Car Wash Legends - Paradise Bay - Classic Auto Spa - Dons Car Wash - Shield System Carwash - Auto Spa - Key Road Car Wash - Blue Wave Car Wash - Spotless Auto Laundrine - Personal Touch Car Wash - Broadway Minute - American Car Wash - Magic Suds Car Wash - Dynamite Auto Wash - The Car Wash - Quick Quack - Waterworks - Mister Car Wash - Wiggy Wash - Supersonic Carwash
  • Slide 3
  • Cards stolen per breach continue to rise
  • Slide 4
  • Credit Cards Compromised (timeline)
      • Mar 30 2013: Schnucks: 2.4M
      • Dec 18 2013: Target: 40M
      • June: Carwash POS; P.F. Chang's: 7M
      • October: Kmart; Staples: 1.6M
      • July: Jimmy John's; Goodwill: 868K
      • December: BeBe
      • January: Neiman Marcus: 1.1M; Michaels: 3M
      • August: UPS; Dairy Queen; Supervalu
      • March: Taxi POS; Sally Beauty: 282K
      • September: Signature Systems; Home Depot: 56M
      • Poor security of a POS provider affects hundreds of small businesses.
  • Slide 5
  • Global PoS Malware Infections
  • Slide 6
  • Card Fraud Goes International
      • Diagram labels: Chip and PIN; Magnet Strip
      • Stolen card numbers from the US are used globally
      • Stolen card numbers from Europe are used in the US with magnet strips
      • Used for online fraud globally
  • Slide 7
  • DHS warns: 1000+ US businesses hit by POS malware
  • Slide 8
  • Cost of card replacement: $1.3 Billion
  • Slide 9
  • Cost of identity theft in US: $24.7 Billion in 2012
  • Slide 10
  • Average victim cost: $2,294
  • Slide 11
  • Going rates for stolen POS data (Hacker Products and Services; where two prices are listed, the first is the price in 2013 and the second the price in 2014). Source: Dell SecureWorks - Underground Economy
      • Visa and Master Card (US): $4
      • American Express (US): $7; $6
      • Discover Card (US): $8; $6
      • Visa and Master Card (UK, CA, AU): $7-8; $8
      • American Express (UK, CA, AU): $12-13; $15 (UK, AU), $12 (CA)
      • Discover Card (AU, CA): $12; $15 (AU), $10 (CA)
      • Visa and Master Card (EU, Asia): $15; $18-20
      • Credit Card with Track I, II Data (US): $12
      • Credit Card with Track I, II Data (EU): $19-20
  • Slide 12
  • Underground Marketplace
  • Slide 13
  • Carding As A Service
  • Slide 14
  • Black Friday Specials on Black Market
  • Slide 15
  • No Free Ride: Judge rules lawsuits against retailers are allowed. Banks can proceed to recoup their costs.
  • Slide 16
  • HOW DID WE GET HERE?
  • Slide 18
  • Chip and PIN are no silver bullet either! Having plain-text chip/track data in POS memory will be more of the same problem. While slightly more involved, vulnerabilities are constantly being found, such as the Pre-Play attack and MitM PIN verification.
  • Slide 19
  • Major Risks for PoS Terminals
      • Similar configuration challenges as for PCs
      • Old OSs and difficulties patching vulnerabilities
      • On-device security software often not implemented
      • Inadequate segmentation from corporate network
      • Moving to Chip and PIN won't stop malware
  • Slide 20
  • Attack Vectors
      • Multiple breaches performed by multiple attackers
      • Used customized tools that were tailored to specific environments
      • Enterprise desktop management systems used to push attack tools
      • Tens of thousands of security events ignored
  • Slide 21
  • A Look At the Attack Method
      • Installed malware on PoS devices
      • Spread horizontally until achieved footprint on PoS network
      • Moved from third-party network to retail store
      • Reconnaissance found a third-party network connection
  • Slide 22
  • Ever Evolving Malware: Dexter, StarDust, BlackPOS, vSkimmer, Decebal, Alina, FrameworkPOS, Backoff, kaptoxa, ChewBacca, JackPOS, Nemanja, Soraya, BrutPOS, BaggageTriforceOGTripple Threat, goo, MAY, net, LAST, ROM, Getmypass, LucyPOS, Poslogr, d4r3|dev1|
  • Slide 23
  • Exfiltration
      • Card data hidden in local .dll file
      • Malware copied .dll files to network share daily
      • Known credentials used to access servers
      • Card data moved to external FTP server
  • Slide 24
  • Follow the money
      • Individual credential theft using keyloggers
      • Wide scale credential theft using malware
      • Attacks on banks' databases
      • Attacks on the databases of card processors
  • Slide 25
  • WHAT CAN WE DO ABOUT IT?
  • Slide 26
  • Four Steps to Improve PoS Security
      • 1. Enforce network segmentation
      • 2. Restrict device access, limit application use and secure data
      • 3. Leverage Threat Prevention
      • 4. Integrate security and event management
  • Slide 27
  • A View Towards Segmentation
      • Highest-end security throughput
      • Back-end system protected
      • PoS systems isolated from rest of network
      • Diagram labels: POS TERMINALS; CARD SWIPING DEVICES; (DATABASE SERVER); PAYMENT PROCESSING CENTER
  • Slide 28
  • Use VPNs to Secure Communications: All PoS traffic is isolated from other inter-segment interactions
  • Slide 29
  • Implement Application Controls With Device Identity Restrictions
      • Point of Sale systems can communicate only with specific protocols
      • Logging enabled for forensic purposes
      • Device identity enforced in the policy
  • Slide 30
  • Data Security
      • Define and enforce the flow of credit card and other critical data to the expected destination
      • Any deviation will be prevented
      • Generate automated alerts and automated isolation from the network
  • Slide 31
  • Threat Prevention is a Must
      • PCI includes requirements for anti-malware controls primarily for desktops
      • Recommends but does NOT require additional malware protections
      • Need to implement Threat Prevention across the network and not just malware monitoring
  • Slide 32
  • Use integrated event management to follow and break the kill chain
  • Slide 33
  • First View: All Events. Important events prioritized on a timeline
  • Slide 34
  • Same Platform Enables Incident Management
      • Prevented DLP incident triggers event log
      • With source and destination details
      • Event type and identifier of exfiltration attempt
  • Slide 35
  • Aggregation of Multi-Vector Attack Details
      • Bot incident also identified
      • Correlates to the same IP address
      • Enables attribution and identification of method
  • Slide 36
  • Threat Emulation Finds POS Malware
  • Slide 37
  • THANK YOU!
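
The Exfiltration and Data Security slides describe card data staged in .dll files and a control that alerts when card data shows up outside its expected flow. The following is an added example, not code from the deck or from Check Point: a Python content check that looks for Luhn-valid Track 2 data in a file and notes whether a file named .dll lacks a PE header. The function names, the `disguised` heuristic and the sample bytes (built around the public test number 4111111111111111) are assumptions made for illustration.

```python
import re

# Track 2 layout: ';' PAN '=' YYMM, 3-digit service code, discretionary data, '?'
TRACK2 = re.compile(rb";(\d{13,19})=(\d{2})(\d{2})(\d{3})\d*\?")

def luhn_ok(pan: str) -> bool:
    """Luhn checksum; rejects digit runs that only look like a card number."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask(pan: str) -> str:
    """Keep first 6 and last 4 digits so the alert never stores a full PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def scan_blob(name: str, data: bytes) -> dict:
    """Return an alert record for one file's contents."""
    hits = []
    for m in TRACK2.finditer(data):
        pan, month = m.group(1).decode(), int(m.group(3))
        if 1 <= month <= 12 and luhn_ok(pan):
            hits.append(mask(pan))
    is_pe = data[:2] == b"MZ"   # real DLLs start with the DOS/PE magic
    return {
        "file": name,
        "masked_pans": hits,
        "alert": bool(hits),
        # Assumed heuristic: a .dll name without a PE header is a staging file.
        "disguised": name.lower().endswith(".dll") and not is_pe,
    }

# Constructed samples: one valid and one Luhn-invalid track, and a PE-like stub.
STAGED = (b"\x00\x13junk;4111111111111111=25121010000000000?\n"
          b";4111111111111112=25121010000000000?\n")
PE_STUB = b"MZ\x90\x00" + b"\x00" * 64 + b"This program cannot be run in DOS mode"

if __name__ == "__main__":
    print(scan_blob("staged_sample.dll", STAGED))
    print(scan_blob("library_sample.dll", PE_STUB))
```
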