Anatomy of memory scraping, credit card stealing POS malware

Presented at AppSec USA 2014, Sept. 18, 2014, 10:30 a.m. (45 minutes).

Learn the nuts-and-bolts of how a memory scraping, credit card stealing point-of-sale (POS) malware works and identify strategies that you can implement to make it hard for the bad guys.

Sensitive information, like credit card numbers, are encrypting on disk and also during transit. But the one place where this information is vulnerable is in process memory and the bad guys have already found ways of stealing it from there.

This presentation has three parts. The first part will introduce RAM scraping techniques and how they were recently used in conjunction with point-of-sale (POS) systems to steal credit card data. The nuts-and-bolts of such malware will be studied to understand its behavior and working. This technique evades security measures including encryption on disk and encryption in transit as the information is available un-encrypted in process memory before or after encryption. The second part of the presentation will be a demo of such a home grown malware which will allow us to study how these techniques behaves under different circumstances. The demo will lead to the third part which will suggest methods that will make it hard on the malware. This includes various techniques including changing memory sizes or making it hard for the malware to identifying POS process or all together changing the attributes of the POS process so that it could be hidden. Finally we will also go over some techniques that will aid in finding RAM scraping malware and making it difficult for such malware to do it's job.


Presenters:

  • Amol Sarwate - Director of Vulnerability and Compliance Labs - Qualys Inc.
    As Director of Vulnerability Labs at Qualys, Amol Sarwate heads a worldwide team of security researchers who analyze threat landscape of exploits, vulnerabilities and attacks. He is a veteran of the security industry who has worked for the last 15 years on firewalls, vulnerability scanners, embedded security at McAfee, Hitachi, i2 and other organizations. He has presented his research on various topics like Vulnerability Trends, Credit Card Malware, Security Axioms, SCADA and Exploits at many conferences like RSA, BlackHat, AppSec, and others.

Links:

Similar Presentations: