Anatomy of memory scraping, credit card stealing POS malware

Presented at AppSec USA 2014, Sept. 18, 2014, 10:30 a.m. (45 minutes)

Learn the nuts-and-bolts of how a memory scraping, credit card stealing point-of-sale (POS) malware works and identify strategies that you can implement to make it hard for the bad guys.

Sensitive information, like credit card numbers, is encrypted on disk and also during transit. But the one place where this information is vulnerable is in process memory, and the bad guys have already found ways of stealing it from there.

This presentation has three parts. The first part will introduce RAM scraping techniques and how they were recently used in conjunction with point-of-sale (POS) systems to steal credit card data. The nuts-and-bolts of such malware will be studied to understand its behavior and workings. This technique evades security measures including encryption on disk and encryption in transit, as the information is available unencrypted in process memory before or after encryption. The second part of the presentation will be a demo of such home-grown malware, which will allow us to study how these techniques behave under different circumstances. The demo will lead to the third part, which will suggest methods that will make it hard on the malware. These include changing memory sizes, making it hard for the malware to identify the POS process, or altogether changing the attributes of the POS process so that it could be hidden. Finally, we will also go over some techniques that will aid in finding RAM scraping malware and making it difficult for such malware to do its job.


Presenters:

  • Amol Sarwate - Director of Vulnerability and Compliance Labs - Qualys Inc.
    As Director of Vulnerability Labs at Qualys, Amol Sarwate heads a worldwide team of security researchers who analyze the threat landscape of exploits, vulnerabilities and attacks. He is a veteran of the security industry who has worked for the last 15 years on firewalls, vulnerability scanners and embedded security at McAfee, Hitachi, i2 and other organizations. He has presented his research on various topics like Vulnerability Trends, Credit Card Malware, Security Axioms, SCADA and Exploits at many conferences like RSA, BlackHat, AppSec, and others.
