Presentation Material
Abstract
Learn the nuts and bolts of how memory-scraping, credit-card-stealing point-of-sale (POS) malware works, and identify strategies you can implement to make the bad guys' job harder.
Sensitive information such as credit card numbers is encrypted on disk and in transit. But the one place where this information is vulnerable is in process memory, and the bad guys have already found ways of stealing it from there.
This presentation has three parts. The first part introduces RAM scraping techniques and how they were recently used against point-of-sale (POS) systems to steal credit card data. The nuts and bolts of such malware will be studied to understand its behavior and workings. This technique evades security measures such as encryption on disk and encryption in transit, because the information sits unencrypted in process memory before it is encrypted or after it is decrypted. The second part of the presentation will be a demo of home-grown malware of this kind, which will allow us to study how these techniques behave under different circumstances. The demo leads into the third part, which suggests methods that make the malware's job harder, including changing memory sizes, making it hard for the malware to identify the POS process, or altogether changing the attributes of the POS process so that it can be hidden. Finally, we will also go over some techniques that aid in finding RAM scraping malware and in making it difficult for such malware to do its job.
AI Generated Summary
The talk focuses on the anatomy of credit-card-stealing, RAM-scraping point-of-sale (POS) malware. The researcher presented a detailed analysis of how this type of malware works, including the techniques used to scrape credit card data from the memory of POS systems.
Key findings include the fact that many POS systems run on Windows, making them vulnerable to malware attacks. The malware uses various Windows API calls to elevate its privileges, attach to the POS process, and scrape credit card data from memory. The researcher demonstrated a working POS system and showed how the malware can extract credit card numbers, including the primary account number, expiration date, and card verification value.
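The privilege-elevation and process-attach steps the summary describes leave a trace on Windows: a handle to the POS process opened with memory-read rights. The following is an added example, not code from the talk, of a check over records shaped like Sysmon Event ID 10 (ProcessAccess) entries; the POS image path, the allowlist and the sample records are assumptions constructed for the demo.

```c
/*
 * Flagging processes that open the POS process for memory reads.
 * Added example, not the talk's code. Records mimic three fields of a
 * Sysmon Event ID 10 (ProcessAccess) entry; the POS image path and the
 * allowlist are assumptions for this demo.
 */
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <ctype.h>

/* Windows process access rights (values from the Win32 SDK). A scraper
 * needs at least PROCESS_VM_READ on the POS process to read its memory. */
#define PROCESS_VM_READ            0x0010u
#define PROCESS_QUERY_INFORMATION  0x0400u

struct access_event {
    const char *source_image;   /* process that opened the handle */
    const char *target_image;   /* process whose handle was opened */
    const char *granted_access; /* hex mask as Sysmon logs it, e.g. "0x1410" */
};

/* Assumption: the POS application's image path in this deployment. */
static const char *POS_IMAGE = "C:\\POS\\pos.exe";

/* Assumption: agents that legitimately read POS memory (e.g. an EDR sensor). */
static const char *ALLOWED_SOURCES[] = {
    "C:\\Program Files\\ExampleEDR\\edr.exe",
};

/* Case-insensitive equality, because Windows paths are case-insensitive. */
static int str_ieq(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == '\0' && *b == '\0';
}

/* "0x1410" -> 0x1410 */
unsigned long parse_access_mask(const char *hex)
{
    return strtoul(hex, NULL, 16);
}

static int source_allowed(const char *src)
{
    size_t i, n = sizeof ALLOWED_SOURCES / sizeof ALLOWED_SOURCES[0];
    for (i = 0; i < n; i++)
        if (str_ieq(src, ALLOWED_SOURCES[i]))
            return 1;
    return 0;
}

/* Suspicious: a non-allowlisted process opened the POS process with a mask
 * that includes PROCESS_VM_READ. */
int is_suspicious(const struct access_event *e)
{
    if (!str_ieq(e->target_image, POS_IMAGE))
        return 0;
    if (source_allowed(e->source_image))
        return 0;
    return (parse_access_mask(e->granted_access) & PROCESS_VM_READ) != 0;
}

/* Scan a batch; store the indices of flagged records, return how many. */
size_t scan_events(const struct access_event *ev, size_t n,
                   size_t *flagged, size_t max_flagged)
{
    size_t i, count = 0;
    for (i = 0; i < n; i++)
        if (is_suspicious(&ev[i])) {
            if (count < max_flagged)
                flagged[count] = i;
            count++;
        }
    return count;
}

/* Constructed sample batch (not real telemetry). */
const struct access_event SAMPLE_EVENTS[] = {
    { "C:\\Program Files\\ExampleEDR\\edr.exe", "C:\\POS\\pos.exe",         "0x1010" }, /* allowlisted */
    { "C:\\Users\\Public\\svc.exe",             "C:\\POS\\POS.EXE",         "0x1410" }, /* unknown, VM_READ set */
    { "C:\\Users\\Public\\svc.exe",             "C:\\Windows\\notepad.exe", "0x1410" }, /* not the POS */
    { "C:\\Windows\\explorer.exe",              "C:\\POS\\pos.exe",         "0x1000" }, /* no VM_READ */
};
const size_t SAMPLE_COUNT = sizeof SAMPLE_EVENTS / sizeof SAMPLE_EVENTS[0];

int main(void)
{
    size_t flagged[8], i, n = scan_events(SAMPLE_EVENTS, SAMPLE_COUNT, flagged, 8);
    for (i = 0; i < n; i++)
        printf("ALERT: %s opened %s with %s\n",
               SAMPLE_EVENTS[flagged[i]].source_image,
               SAMPLE_EVENTS[flagged[i]].target_image,
               SAMPLE_EVENTS[flagged[i]].granted_access);
    return 0;
}
```

Sysmon only emits Event ID 10 for targets its configuration names, so a ProcessAccess rule covering the POS binary has to be in place before this check sees anything; the allowlist is what keeps an EDR sensor or a sanctioned debugger from tripping it, and it should be kept short and reviewed.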
The talk also highlighted the challenges of detecting and preventing these types of attacks, as the malware can optimize itself to quickly find credit card data in memory before the POS system can encrypt or zero out the data. The researcher emphasized the importance of securing POS systems and credit card data, both at rest and in transit, to prevent these types of attacks.
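The detection problem described here, and the abstract's third part on zeroing and hardening, both come down to how long plaintext card data stays resident in the POS process. Below is an added example in C, not the talk's demo code, contrasting a handler that keeps the full PAN around with one that masks it and wipes every buffer that held it. The track-2 layout of the swipe, the Visa test PAN 4111111111111111, the simulated reader buffer and the secure_wipe helper are assumptions of the example, standing in for a real reader driver, a real card and SecureZeroMemory.

```c
/*
 * Keeping card data out of long-lived memory on the POS side.
 * Added example, not the talk's code. The swipe is constructed test data
 * in track-2 layout using the Visa test PAN 4111111111111111; secure_wipe
 * stands in for SecureZeroMemory (Windows) / explicit_bzero.
 */
#include <stdio.h>
#include <string.h>
#include <stddef.h>
#include <ctype.h>

#define PAN_MAX 19

/* What the POS keeps after a swipe: only what the receipt and settlement need. */
struct txn_record {
    char pan_field[PAN_MAX + 1];  /* hardened path stores "************1111" */
    char expiry[5];               /* YYMM */
};

/* Simulated card-reader buffer: the driver drops raw track data here. */
static unsigned char reader_buf[64];

/* Zero through a volatile pointer so the compiler cannot drop the stores
 * as dead (the same idea as SecureZeroMemory / explicit_bzero). */
void secure_wipe(void *p, size_t n)
{
    volatile unsigned char *vp = (volatile unsigned char *)p;
    while (n--)
        *vp++ = 0;
}

/* Luhn check: the residue test below only counts Luhn-valid digit runs. */
int luhn_ok(const char *d, size_t n)
{
    int sum = 0, dbl = 0;
    while (n--) {
        int v = d[n] - '0';
        if (v < 0 || v > 9)
            return 0;
        if (dbl && (v *= 2) > 9)
            v -= 9;
        sum += v;
        dbl = !dbl;
    }
    return sum % 10 == 0;
}

/* Residue test: is a 13-19 digit Luhn-valid run still in the buffer?
 * This is what any process reading our memory would find. */
int buffer_holds_pan(const unsigned char *buf, size_t n)
{
    size_t i = 0;
    while (i < n) {
        size_t run = 0;
        while (i + run < n && isdigit(buf[i + run]))
            run++;
        if (run >= 13 && run <= PAN_MAX && luhn_ok((const char *)buf + i, run))
            return 1;
        i += run ? run : 1;
    }
    return 0;
}

/* Parse ";PAN=YYMM...?" (track-2 layout) into pan/expiry; 0 on success. */
static int parse_track2(const unsigned char *src, size_t n, char *pan, char *expiry)
{
    size_t i = 0, p = 0;
    if (n == 0 || src[i++] != ';')
        return -1;
    while (i < n && isdigit(src[i]) && p < PAN_MAX)
        pan[p++] = (char)src[i++];
    pan[p] = '\0';
    if (p < 13 || i + 5 > n || src[i] != '=')
        return -1;
    memcpy(expiry, src + i + 1, 4);
    expiry[4] = '\0';
    return luhn_ok(pan, p) ? 0 : -1;
}

/* Put a constructed swipe into the reader buffer; returns its length. */
size_t simulate_swipe(void)
{
    const char *track = ";4111111111111111=25121010000000000?";
    size_t n = strlen(track);
    memcpy(reader_buf, track, n);
    return n;
}

/* Naive handling: the full PAN is copied into a long-lived record and left
 * in the reader buffer, the window the talk describes. 0 on success. */
int handle_swipe_naive(size_t n, struct txn_record *rec)
{
    return parse_track2(reader_buf, n, rec->pan_field, rec->expiry);
}

/* Hardened handling: the PAN lives only in a local array; the record gets a
 * masked copy (a real POS would encrypt or tokenise it right here), then the
 * local and the reader buffer are wiped before returning. 0 on success. */
int handle_swipe_hardened(size_t n, struct txn_record *rec)
{
    char pan[PAN_MAX + 1];
    int rc = parse_track2(reader_buf, n, pan, rec->expiry);
    if (rc == 0) {
        size_t len = strlen(pan);
        memset(rec->pan_field, '*', len - 4);
        memcpy(rec->pan_field + len - 4, pan + len - 4, 5); /* last four + NUL */
    }
    secure_wipe(pan, sizeof pan);
    secure_wipe(reader_buf, sizeof reader_buf);
    return rc;
}

int main(void)
{
    struct txn_record rec;
    size_t n = simulate_swipe();
    handle_swipe_naive(n, &rec);
    printf("naive:    record=%s reader buffer holds PAN=%d\n",
           rec.pan_field, buffer_holds_pan(reader_buf, sizeof reader_buf));
    n = simulate_swipe();
    handle_swipe_hardened(n, &rec);
    printf("hardened: record=%s reader buffer holds PAN=%d\n",
           rec.pan_field, buffer_holds_pan(reader_buf, sizeof reader_buf));
    return 0;
}
```

The residue test gives the defender's view of what is left for a memory reader to find. In a real POS the encrypt-or-tokenise step belongs inside the hardened handler, before the wipe, and the wipe has to reach every buffer that ever touched the data (driver, parser, display and print paths), which is why shrinking the window complements rather than replaces the detection side.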
Practical implications of the research include the need for merchants and banks to implement robust security measures to protect credit card data, such as encrypting data in memory and using secure protocols for data transmission. Additionally, the talk highlighted the importance of regularly updating and patching POS systems to prevent malware attacks. Overall, the research provides valuable insights into the workings of credit card stealing RAM scraping POS malware and the need for improved security measures to prevent these types of attacks.