Website Payment Card Breach

CASE STUDY

Website Payment Card Breach Incident Response Case Study


Background

The Maryman team was contacted by a local product rentals company that manages its own website, which processes credit card payments, including recurring monthly payments for rentals. During a routine update to the website, the website developer discovered a single line of additional code on the payment card processing page that had been neither written nor inserted by any of the website developers.

Scope

The Maryman team was asked to perform a software application review of the website, specifically the code on the webpages for payment card processing. The scope also included a review of all the appropriate logs for the website and the web developers’ accounts to determine whether any of those accounts had been compromised.

Preservation

The entire website was forensically preserved. Additionally, all pertinent web logs, including file transfer logs, were preserved for analysis.

Analysis and Findings

The Maryman team was able to confirm that the rogue script was not added by the web development team. Like many websites on the internet, this website was built on WordPress. Unfortunately, three major WordPress security patches had not been deployed to the site, leaving the corresponding vulnerabilities unfixed. The forensic analysis indicated that one of these vulnerabilities had been exploited to launch the attack and deploy the rogue script into the website code.

The rogue script forwarded the credit card numbers to another website that was suspected to have been compromised by the same hackers. We worked in collaboration with the other company, and it was discovered that the credit card numbers were being forwarded to the Middle East.

Next Steps

The Maryman team made a series of recommendations to the website development team. Based on the analysis, the recommendations went beyond the immediate remediation and also included website best practices, following the Open Worldwide Application Security Project (OWASP) Top Ten (https://owasp.org/www-project-top-ten/).

Outcomes

The Maryman team was able to determine the root cause of the breach of the client website, determine the scope of affected credit cards and individuals, and assist the client with the remediation of the website by identifying all malicious scripts inserted by the attackers. A subsequent website security assessment determined that, while the same attackers tried to get in again, these attacks were ultimately unsuccessful.