The Art of Exfiltration : Digital Skimming
Submitted by Arjun BM (@arjunbm) on Thursday, 4 July 2019
Section: Crisp talk (20 mins) Category: Security Status: Confirmed & Scheduled
The explosion of online digital e-commerce platforms has triggered a race for customer acquisition which no retailer wants to lose or be left out of. As businesses look to deliver faster, easier and better services, security has always been an important factor in the customer value-chain. E-commerce websites continue to be lucrative targets for threat actors, who seek to compromise sensitive guest information. Several high-profile data breaches of e-commerce sites in 2018 have once again forced security researchers to don their thinking hats. New threat actors and vectors are emerging, making online shopping a riskier proposition. While not sacrificing customer experience, how can businesses stay safe in a highly competitive and ever-changing environment? What can be done to safeguard customer data and promote online shopping confidence?
Digital skimming is a threat which, many CISOs admit, keeps them up at night. This talk is a comprehensive analysis, articulated from a rare combination of theoretical understanding and applied practical experience of this threat. The real-life hands-on operational experience the speaker has had in dealing with this threat is invaluable information. The talk is crisp, concise and purposeful - focused on providing key takeaways to the audience and equipping them with the capability to strengthen security controls within their own organization.
INTRODUCTION TO DIGITAL SKIMMING
WHAT IS A DIGITAL SKIMMING ATTACK?
MODUS OPERANDI OF THE ATTACK
THREAT ACTORS AND ATTACK VECTORS
ANATOMY OF A DIGITAL SKIMMING ATTACK
CHALLENGES IN DEALING WITH THIS ATTACK
COUNTERMEASURES AND REMEDIATION STEPS
Arjun is a Lead Information Security Analyst at Target Corporation. He is a security professional with diverse experience in architecting, designing, implementing & supporting IT Security & Vulnerability Management solutions in Enterprise & Cloud environments. He is an information security enthusiast with diverse experience in areas like Application Security, Security Architecture, DevSecOps, Cloud Security & Machine Learning. Currently, Arjun is working as a Security Analyst ensuring end-to-end implementation, design and governance of security measures for Target’s Digital & Marketing e-commerce platforms, aimed at brand protection and improving guest confidence. He has been closely following the digital skimming threat and is actively involved within his organization in researching it and ensuring that defenses are in place to counter this threat.