PoS malware is constantly expanding and changing. In the past few years there have been multiple victims of PoS breaches from small to large organizations. Every year there are new variants discovered bypassing most security measures; this activity is not going to end. The threat actors are employing several tactics to infiltrate a network from phishing emails to remote logins. How is it possible with all the news we hear about involving breaches and compromises that it continues to happen? Companies stand up IDS, Firewalls, AV, and Security teams and the compromise still occurs. This interactive discussion will walk attendees through a small scale POS breach investigation based on numerous incident response investigations and intelligence collected by the SecureWorks Incident Response Team during PoS breaches. The attendees will play the role of the Digital Forensics and Incident Response team who are called in to perform analysis of a POS breach. Attendees will be provided information on-screen and will be responsible for identifying the POS malware, how the malware was placed on the systems, who/what placed it there, what other systems could be affected, how the intruder got into the network, etc.

Back to Bloomcon 2017 video list