Hackers of India

Smashing the Stack for Profit - Period

By Rohyt Belani on 21 Sep 2006 @ Hitb Sec Conf


Abstract

Attacks that I have responded to in the recent past have rarely been conducted for fun. The monetary motivation of the hackers is obvious. In this presentation I will discuss real-world attacks that entailed a deadly combination of financial fraud and computer crime. The case studies will discuss how the white-collar criminals (financial wizards) operate in tandem with computer hackers to rake in the moolah! The focus of the presentation will be on the techniques used by the hackers to obtain the information necessary to successfully execute such attacks.

Note: Not for the faint-hearted!

AI Generated Summary (may contain errors)

The speaker, an expert in cybersecurity, describes a case of cyber extortion in which a retail company was threatened by an attacker who had planted a backdoor in its application code. The backdoor was discovered when the attacker sent an email demanding $250,000 in exchange for not releasing sensitive customer data. The backdoor was hidden in a SQL query that would only execute if a specific fifth parameter “let me in” was present in the URL. The query would return sensitive data, which the attacker could then use to extort money from the company.

The investigation revealed that the backdoor was inserted by a rogue developer from a third-party development firm based in Asia, who had been contracted to develop the application. The developer had checked in the malicious code, and the IP address associated with the requests containing the fifth parameter also came from the same country.
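A log-review check for the pattern described above, as an added example that is not from the talk or the investigation: it flags requests carrying query parameters an endpoint is not documented to accept and groups them by source address. The endpoint path, the allowlist, the parameter name `dbg` and the log lines are all constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Hypothetical allowlist: parameters each endpoint is documented to accept.
EXPECTED_PARAMS = {
    "/store/search": {"category", "keyword", "page", "sort"},
}

# Constructed sample lines (common log format, documentation address ranges).
SAMPLE_LOG = """\
198.51.100.7 - - [12/Mar/2006:10:01:22 +0000] "GET /store/search?category=shoes&keyword=boot&page=1&sort=price HTTP/1.1" 200 5120
198.51.100.9 - - [12/Mar/2006:10:02:10 +0000] "GET /store/search?category=hats&keyword=cap HTTP/1.1" 200 4096
203.0.113.44 - - [12/Mar/2006:10:05:41 +0000] "GET /store/search?category=a&keyword=b&page=1&sort=c&dbg=EXAMPLE HTTP/1.1" 200 88211
203.0.113.44 - - [12/Mar/2006:10:06:03 +0000] "GET /store/search?category=a&keyword=b&page=2&sort=c&dbg=EXAMPLE HTTP/1.1" 200 90177
198.51.100.7 - - [12/Mar/2006:10:07:15 +0000] "GET /favicon.ico HTTP/1.1" 404 0
""".splitlines()

# client IP, method, request target, status, response size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+) [^"]*" (\d{3}) (\d+|-)')


def find_unexpected_params(lines, expected=EXPECTED_PARAMS):
    """Return one finding per request whose query has undocumented parameters."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # unparseable line: skip rather than guess
        ip, _method, target, _status, size = m.groups()
        url = urlsplit(target)
        allowed = expected.get(url.path)
        if allowed is None:
            continue  # endpoint has no allowlist yet
        names = {k for k, _ in parse_qsl(url.query, keep_blank_values=True)}
        extra = sorted(names - allowed)
        if extra:
            findings.append({"ip": ip, "path": url.path, "extra": extra,
                             "bytes": 0 if size == "-" else int(size)})
    return findings


def sources_by_count(findings):
    """Group findings by client address, most frequent first."""
    return Counter(f["ip"] for f in findings).most_common()
```

The same allowlist can be compared against the parameters the application code actually reads during code review of third-party check-ins.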

Thanks to quick action and cooperation with law enforcement, the extortion attempt was thwarted within 72 hours. The speaker notes that if the backdoor had not been so obvious, their next steps would have been unclear, but they were able to prevent the CEO from paying the ransom.

The case highlights the importance of having proper security measures in place when working with third-party developers, including service level agreements (SLAs) that cover security. The speaker concludes that retail companies still use third-party developers, but there is a growing awareness of the need for better security practices and SLAs to mitigate these types of risks.