© 2016 SecurityMetrics
The Case of the Suspiciously Flawless Investigation
Forensic Files Series

BUSINESS BACKGROUND
Ecommerce ticketing vendor based out of New York.

A customer reported a breach to Visa, claiming their credit card was hacked after buying a ticket to an event.

HOW HACKERS GOT IN
The forensic investigation found no evidence of a breach. It discovered that a third-party website licensed to sell the vendor's event tickets was actually the organization compromised.

The third party had to pay noncompliance and compromise fines. The ecommerce events vendor was subject to brand degradation and the cost of the forensic investigation ordered by Visa ($25,000).

Since the forensic investigation of the third party was done by another forensic company, it is unknown exactly how hackers breached the third party. Similar situations indicate the possibility of SQL injection.
WHAT IS SQL INJECTION
By feeding input into web forms that aren't coded to reject illegitimate characters, attackers can glean small pieces of information about a business database from the output produced by erroneous entries.

If hackers gain enough information about a database, it's only a matter of time until they query it directly and gain administrative access.
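The two slides above describe the root cause in one sentence: form input that reaches the database as part of the SQL text, plus error output that is echoed back to the user. The following Python example is added here to make that concrete; it is not code from the SecurityMetrics deck. It uses an in-memory SQLite table with constructed sample rows (the `orders` schema, column names and e-mail addresses are assumptions for illustration) and runs the same form input through a concatenated query and a parameterized one.

```python
import sqlite3

# Constructed sample data for a hypothetical ticketing table.
SAMPLE_ROWS = [
    ("ORD-1001", "alice@example.com", "Jazz Night"),
    ("ORD-1002", "bob@example.com", "Film Festival"),
    ("ORD-1003", "o'brien@example.com", "Opera Gala"),  # legitimate apostrophe
]
GENERIC_ERROR = "Sorry, we could not look up that order."


def make_db() -> sqlite3.Connection:
    """In-memory database so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE orders (order_id TEXT, email TEXT, event TEXT)")
    conn.executemany("INSERT INTO orders VALUES (?, ?, ?)", SAMPLE_ROWS)
    return conn


def lookup_concatenated(conn, email):
    """The flawed pattern: form input is pasted straight into the SQL text.

    A quote character in the input changes the structure of the statement, and
    the database error that results is the "output from erroneous entries" the
    deck describes: it tells an outsider how the query is built.
    """
    sql = "SELECT order_id, event FROM orders WHERE email = '" + email + "'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn, email):
    """The fix: the driver binds the value as data, so it is never parsed as SQL."""
    sql = "SELECT order_id, event FROM orders WHERE email = ?"
    return conn.execute(sql, (email,)).fetchall()


def leaky_handler(conn, email):
    """Web handler that echoes the raw database error text to the user (bad)."""
    try:
        return {"rows": lookup_concatenated(conn, email), "message": None}
    except sqlite3.Error as exc:
        return {"rows": [], "message": str(exc)}


def hardened_handler(conn, email, server_log):
    """Web handler that binds parameters, keeps any real error in the server
    log, and shows the user only a generic message."""
    try:
        return {"rows": lookup_parameterized(conn, email), "message": None}
    except sqlite3.Error as exc:
        server_log.append("db error: %s" % exc)
        return {"rows": [], "message": GENERIC_ERROR}


def compare(email):
    """Run both handlers on the same form input and report what each reveals."""
    conn = make_db()
    log = []
    return {
        "leaky": leaky_handler(conn, email),
        "hardened": hardened_handler(conn, email, log),
        "server_log": log,
    }


if __name__ == "__main__":
    for value in ("alice@example.com", "o'brien@example.com"):
        print(value, "->", compare(value))
```

For `o'brien@example.com` the concatenated version fails with a SQL syntax error whose text the leaky handler hands to the browser, while the parameterized version simply returns the matching row.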
WHAT THE BUSINESS DID WRONG
The ecommerce events vendor didn't perform due diligence to ensure the licensed third party was operating a secure site.

WHAT IS 3RD PARTY DUE DILIGENCE?
It is each organization's responsibility to take reasonable steps to ensure contracted third parties operate securely. This means investigating IT vendors, paper shredding companies, and outsourced web developers before signing contracts and throughout the relationship.

www.securitymetrics.com
Wenlock Free
VP of Strategic Partnerships
wfree@securitymetrics.com