the magecart threat and how you can
play

The Magecart threat and how you can mitigate the risk to your - PowerPoint PPT Presentation

May 18, 2023 •150 likes •471 views

15:20 15:40 The Magecart threat and how you can mitigate the risk to your organisation Benjamin Sims Founder Tech City Labs #teissamsterdam1 9 MAGECART: HOW TWO HUGE COMPANIES LOST 450,000 CUSTOMERS DETAILS AND HOW YOU CAN STOP IT

  1. 15:20 – 15:40 The Magecart threat and how you can mitigate the risk to your organisation Benjamin Sims Founder Tech City Labs #teissamsterdam1 9

  2. MAGECART: HOW TWO HUGE COMPANIES LOST 450,000 CUSTOMERS’ DETAILS AND HOW YOU CAN STOP IT HAPPENING TO YOU

  3. ABOUT ME Benjamin Sims - Founder of Tech City Labs DATA - Background in data engineering and security - Advise law firms on litigation around hacking, DETECTIVE phishing on fraud cases

  4. ABOUT THIS TALK - Based on public information and (a little) speculation - No inside knowledge - Check out riskiq.com

  5. TICKETMASTER

  6. BRITISH AIRWAYS

  7. WHO DID IT? - ‘Magecart’ - Background in shopping cart hacks - Actually 6 or 7 groups - Card numbers sold on to carding forums in bulk

  8. MORE AND MORE SOPHISTICATED - Deliberate targeting - SSL certificates - Infrastructure designed to blend in - A whole industry: marketplaces, specialist suppliers

  9. DATA LOST Names ● Addresses ● Credit card numbers ● Phone numbers ● CVC codes ●

  10. 3RD PARTY JAVASCRIPT INJECTION:

  11. EVERY WEBSITE AFFECTED 91

  12. THE TICKETMASTER HACK HACK

  13. WHAT IT WAS SUPPOSED TO DO

  14. INCLUDED ON EVERY PAGE ON THE SITE

  15. … AND SOMEBODY HACKED IT

  16. … TO INCLUDE SKIMMER CODE

  17. PEOPLE START TO NOTICE Text May 10th (46 days) April 12th (28 days)

  18. BRITISH AIRWAYS - Targeted attack, script highly modified to work only on ba.com - Hidden in edited version of the open source Modernizr library - Hosted on BA’s *own website* - Most likely the CMS compromised in some way

  19. PEOPLE START TO NOTICE

  20. PEOPLE START TO NOTICE Text: 6th June (73 days)

  21. THEY REALISE… 130 days, 40,000 sets of user details (in the UK)

  22. BRITISH AIRWAYS 14 days... 380,000 customer details taken

  23. MANY MORE

  24. HOW TO AVOID BEING THE NEXT VICTIM? 1. Who can make changes? 2. Who have you trusted? 3. Listen to your users and partners 4. Technical solutions

  25. WHO CAN MAKE CHANGES? MARKETING? DESIGN?

  26. WHO HAVE YOU TRUSTED?

  27. LISTEN WHEN PEOPLE TELL YOU YOU'VE BEEN HACKED

  28. TECHNICAL SOLUTIONS - iFrame sandboxing - source code monitoring - SRI

  29. SRI Magecart don't want you to know this one simple trick! Subresource integrity checking ● W3C recommendation from 2016 ● Supported by 90% of browsers ●

  30. ALL YOU NEED TO DO srihash.org

  31. Available for questions / consulting @techcitylabs benjamin@techcitylabs.com

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Assessment What is Threat Assessment Threat assessment is the process of gathering

Assessment What is Threat Assessment Threat assessment is the process of gathering

Threat Assessment What is Threat Assessment Threat assessment is the process of gathering information to understand the threat of violence posed by a person. Threat management is the process of developing and executing plans to mitigate

332 views • 15 slides
Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to

Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to

Honeymoon Threat Restoration Rescue Phases of Disaster Despair Threat Threat Phase: Small events serve as a warning or threat to normal living. A disaster has not yet oc- curred, but there is a sense of impending doom. Individual

604 views • 6 slides
What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape

What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape

DDoS & Modern Threat Motives Dan Holden Director, ASERT What Does This Advanced Threat Landscape Look Like? Advanced Threat Landscape Geo-poli:cal More defenses ? App/Content t a

1.13k views • 44 slides
Active Threat on Campus Prevention & Response Active threat defined An active threat can be

Active Threat on Campus Prevention & Response Active threat defined An active threat can be

Active Threat on Campus Prevention & Response Active threat defined An active threat can be defined as: A person whose immediate activity can cause death and/or serious injury An active threat can involve a firearm or another

395 views • 15 slides
Offensive Threat Modeling for Attackers turning threat modeling on its head Rafal M. Los

Offensive Threat Modeling for Attackers turning threat modeling on its head Rafal M. Los

Offensive Threat Modeling for Attackers turning threat modeling on its head Rafal M. Los Chief Security Evangelist HP Software Shane MacDougall Principal Tactical Intelligence Modern threat modeling is a defensive response to

783 views • 52 slides
Threat Modeling and S haring S ummary Proposal to kick off Threat Modeling proj ect

Threat Modeling and S haring S ummary Proposal to kick off Threat Modeling proj ect

Threat Modeling and S haring S ummary Proposal to kick off Threat Modeling proj ect Multi-phase approach Initially: create Cyber Domain PIM and S TIX PS M with UML Profile for NIEM Expand to other PS M, create Threat Meta

211 views • 10 slides
Proposed Low-Threat Petroleum UST Closure Policy SWRCB Low-Threat UST Closure Policy Task Force

Proposed Low-Threat Petroleum UST Closure Policy SWRCB Low-Threat UST Closure Policy Task Force

Proposed Low-Threat Petroleum UST Closure Policy SWRCB Low-Threat UST Closure Policy Task Force Los Angeles RWQCB Presentation September 15, 2011 Prologue Low-Threat Policy: An Evolutionary Process STATE WATER RESOURCES CONTROL BOARD

528 views • 31 slides
Web Security What should be the Threat Model for the Web? Goal and Threat Model Much can go

Web Security What should be the Threat Model for the Web? Goal and Threat Model Much can go

Web Security What should be the Threat Model for the Web? Goal and Threat Model Much can go wrong on the web! Clients encounter malicious content Web servers are target of break-ins Fake content/servers trick users Data sent

446 views • 16 slides
Integrated Threat Management Appliance 1 http://www.youtube.com/watch?v=F 7pYHN9iC9I 2 3

Integrated Threat Management Appliance 1 http://www.youtube.com/watch?v=F 7pYHN9iC9I 2 3

Integrated Threat Management Appliance 1 http://www.youtube.com/watch?v=F 7pYHN9iC9I 2 3 Denial of Service Attack (DoS) 4 THREAT CATEGORY THREAT ACTION TYPE Malware/Badware Send data to the external entity/site, Trapdoor/Backdoor Entry,

719 views • 23 slides
Threat Models CS 5431 February 10, 2017 Threat Models Threats (CS 5430)

Threat Models CS 5431 February 10, 2017 Threat Models Threats (CS 5430)

Introduction Threat Models CS 5431 February 10, 2017 Threat Models Threats (CS 5430) Inquisitive people, unintentional blunders Hackers driven by technical challenges Disgruntled employees or

357 views • 23 slides
How to use soft OA methods to explore future IED threat and their countermeasures 27 ISMOR

How to use soft OA methods to explore future IED threat and their countermeasures 27 ISMOR

How to use soft OA methods to explore future IED threat and their countermeasures 27 ISMOR 2010 Introduction Cause Current threat around IEDs is continuously changing Little known about possible future threat Goal List

210 views • 16 slides
and Research Programs Threat to Aquatic Life and Water Quality Threat to local economy

and Research Programs Threat to Aquatic Life and Water Quality Threat to local economy

Harmful Algal Blooms, Agricultural Initiatives, and Research Programs Threat to Aquatic Life and Water Quality Threat to local economy (Fisheries, Recreation, Tourism etc.) Sources: both Urban & Rural Whats Agricultures

520 views • 24 slides
Topics 1 . Building national interest in threat assessm ent 2 . Virginia threat assessm ent m

Topics 1 . Building national interest in threat assessm ent 2 . Virginia threat assessm ent m

The Virginia Model of School Threat Assessment June 19, 2019 Dewey Cornell, Ph.D. The Virginia Model of School Threat Assessm ent Dewey Cornell, Ph.D. Curry School of Education University of Virginia 434-924-8929 Email:

299 views • 15 slides
Insider Threat Insider Threat (Database Intrusion Detection) 1 Insider Threats: Motivation and

Insider Threat Insider Threat (Database Intrusion Detection) 1 Insider Threats: Motivation and

Insider Threat Insider Threat (Database Intrusion Detection) 1 Insider Threats: Motivation and Challenges Challenges Mission critical information = High value target Threatens Government organizations and large corporations

435 views • 39 slides
Counterintelligence & Insider Threat Detection National Insider Threat Special Interest Group

Counterintelligence & Insider Threat Detection National Insider Threat Special Interest Group

Counterintelligence & Insider Threat Detection National Insider Threat Special Interest Group July 18, 2017 Douglas D. Thomas Director, Counterintelligence Operations & Corporate Investigations Lockheed Martin Counterintelligence

706 views • 16 slides
Th The ABC BCs of of ICS Th Threat Act ctiv ivit ity y Grou oups Au August st 2 26, 2

Th The ABC BCs of of ICS Th Threat Act ctiv ivit ity y Grou oups Au August st 2 26, 2

Th The ABC BCs of of ICS Th Threat Act ctiv ivit ity y Grou oups Au August st 2 26, 2 2020 Sergio Caltagirone Dave Bittner VP Threat Intelligence Producer & Host Dragos The CyberWire Podcast Before we get started - The

874 views • 17 slides
David ONeil, Nortoft Planning NHPCs aims and objectives Clear focus on (new)

David ONeil, Nortoft Planning NHPCs aims and objectives Clear focus on (new)

North Hinksey Parish Council Rejuvenation of the Louie Memorial Fields, Pavilion, Scout Hut and Playing Areas Presentation to the Recreation & Amenities Committee 25 th January 2018 David ONeil, Nortoft Planning NHPCs aims and

350 views • 16 slides
Public Meeting for Advance Notice of Proposed Rulemaking (ANPR) on Safeguarding Unclassified

Public Meeting for Advance Notice of Proposed Rulemaking (ANPR) on Safeguarding Unclassified

Public Meeting for Advance Notice of Proposed Rulemaking (ANPR) on Safeguarding Unclassified Information (DFARS Case 2008-D028) Kristen Baldwin Director, Systems Analysis OUSD(AT&L)DDR&E/Systems Engineering April 22, 2010 1 Purpose

488 views • 9 slides
INVESTOR PRESENTATION INVESTOR PRESENTATION APRIL 2020 JULY 2020 DISCLAIMER DISCLAIMER THE

INVESTOR PRESENTATION INVESTOR PRESENTATION APRIL 2020 JULY 2020 DISCLAIMER DISCLAIMER THE

INVESTOR PRESENTATION INVESTOR PRESENTATION APRIL 2020 JULY 2020 DISCLAIMER DISCLAIMER THE INFORMATION CONTAINED IN THIS DOCUMENT HAS BEEN COMPILED FROM SOURCES BELIEVED TO BE RELIABLE. VOX ROYALTY CORP. (THE COMPANY) DOES NOT GUARANTEE

226 views • 22 slides
Aeroacoustics of Three-Stream Jets Brenda Henderson* NASA Glenn Research Center, Cleveland, OH

Aeroacoustics of Three-Stream Jets Brenda Henderson* NASA Glenn Research Center, Cleveland, OH

https://ntrs.nasa.gov/search.jsp?R=20120018041 2018-06-05T20:34:36+00:00Z Aeroacoustics of Three-Stream Jets Brenda Henderson* NASA Glenn Research Center, Cleveland, OH Results from acoustic measurements of noise radiated from a heated,

477 views • 18 slides
CD with Kubernetes: The Prequel @pritianka @pritianka #velocityconf #velocityconf 1 Speaker

CD with Kubernetes: The Prequel @pritianka @pritianka #velocityconf #velocityconf 1 Speaker

CD with Kubernetes: The Prequel @pritianka @pritianka #velocityconf #velocityconf 1 Speaker Priyanka Sharma Director of Technical Evangelism - GitLab Board Member - Cloud Native Computing Foundation @pritianka @pritianka #velocityconf

490 views • 36 slides
Cnova Half Year 2019 Activity & Financial Performance July 24, 2019 Disclaimer

Cnova Half Year 2019 Activity & Financial Performance July 24, 2019 Disclaimer

Cnova Half Year 2019 Activity & Financial Performance July 24, 2019 Disclaimer Forward-Looking Statements This presentation contains forward-looking statements. Such forward-looking statements may generally be identified by, but not limited

666 views • 31 slides
2017 Virgin Australia International Rules Match Ball presentation Promotion Terms and Conditions

2017 Virgin Australia International Rules Match Ball presentation Promotion Terms and Conditions

2017 Virgin Australia International Rules Match Ball presentation Promotion Terms and Conditions 1. Information on how to enter and prizes form part of these Conditions of Entry. Participation in this competition is deemed acceptance of these

323 views • 4 slides
Stadium Proposal Review of Proposal | Update on Modeling Progress OVERVIEW OF BASELINE MODEL 2

Stadium Proposal Review of Proposal | Update on Modeling Progress OVERVIEW OF BASELINE MODEL 2

DRAFT | For Discussion Purposes Stadium Proposal Review of Proposal | Update on Modeling Progress OVERVIEW OF BASELINE MODEL 2 State of Nevada Creates Stadium Authority via State Legislation $750 MM $750 MM Las Vegas How the Clark County

569 views • 32 slides

More recommend