[BreachExchange] It’s a Wonderful Time of the Year… for Hackers

Audrey McNeil audrey at riskbasedsecurity.com
Mon Dec 18 18:59:50 EST 2017


http://www.techbiteme.com/information-technology/its-a-wonderful-time-of-the-year-for-hackers/

The holiday season is in full swing and once again we can expect to see a
surge in cyber attacks targeting retailers and consumers. Research from the
National Retail Federation shows that spending during the winter holidays
outstrips retail sales during all other holidays throughout the year –
combined! From Black Friday to sales in January, this is the most wonderful
time of the year for retailers, and this trend will likely continue. A
survey by RetailMeNot shows that consumers are expected to spend an average
of $743 on holiday shopping between Black Friday and Cyber Monday this year, a
47 percent increase from 2016’s average of $505.

Unfortunately, increased spending also makes this a wonderful time of the
year for cybercriminals seeking a share of the action. But the good news is
that by understanding the tactics, techniques, and procedures (TTPs) of
cybercriminals, there’s a lot retailers and consumers can do to remediate
risk.

Here I’ll focus on a third, payment card systems risk. As more money flows,
criminals have even more opportunity to acquire consumer credit card
details. Analysis of one well-known credit card shop on the dark web
reveals that over 93,000 card details have been added since the beginning
of November. Hackers target retailers in two main ways: through Point of
Sale (POS) systems and physical skimming devices.

1. POS malware. Cybercriminals can develop or even rent malware that
targets retailers’ POS software. Many new variants have emerged this year,
including RawPOS and MajikPOS. Most of the infections from the latter were
reported in the United States and Canada. A modified version of the Zeus
banking trojan was also identified targeting POS systems, predominantly in
Russia and Kazakhstan, and searching for and exfiltrating payment card
Track 1 and Track 2 data to its command and control (C2) server. While Zeus
can be executed remotely, groups operating the malware often need partners
to help with various aspects of their operations, from cashing out to
providing access to the devices themselves. Research on the dark web shows
advertisements for both types of services.
2. Physical skimming. Despite the prevalence of POS malware, physical
skimming also continues to be a popular tactic often employed by less
skilled fraudsters. Magnetic stripe readers are available as handheld
devices and allow users to make a digital copy of the data stored on a
card’s magnetic stripe. The size of these devices continues to shrink
making them hard to detect, and the price is relatively low at $100 to $500
which makes them quite affordable. Devices have now been developed to
capture data from cards equipped with Europay, Mastercard, and Visa (EMV)
chip technology. Additionally, cameras concealed in lights above machines
can be used to capture PINs and can be purchased for as little as $280. At
the other end of the spectrum, Global System for Mobile Communications
(GSM) receivers are available for $1,000 to $2,000. GSM receivers transmit
captured information via Bluetooth, so criminals can avoid returning to the
scene and being caught.

So, what can retailers and consumers do to remediate risk from payment card
system compromise?

Advice for retailers:

- Be diligent about your supply chain. Make sure your POS devices are
protected and monitored regularly for suspicious activity, including the
placement of skimmers. Regularly review the security controls of
third-party vendors (particularly those who provide software for POS
systems) and reassess controls each time the scope of a vendor partnership
changes.
- Understand there is no silver bullet. Remember that no one tool will
protect you. A layered, defense-in-depth approach is best. For example, if
POS malware does infiltrate the network, to prevent lateral movement once
inside, restrict workstation-to-workstation communication by using
host-based firewall rules where feasible.
- Share information. Take advantage of sharing communities such as the
Retail Cyber Intelligence Sharing Center (R-CISC) and InfraGard to help
stay abreast of threats and trends.
- Plan ahead. Have a process in place to handle compromised customer
accounts and use threat intelligence to track actors and understand their
threat level.
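
Added example (not part of the original article): one way to verify the workstation-to-workstation restriction recommended above is to audit connection logs for flows between POS/workstation hosts. The subnet, the allowed peer address, and the log format are assumptions constructed for illustration.

```python
import ipaddress

# Assumed addressing plan (constructed for this example).
WORKSTATION_NETS = [ipaddress.ip_network("10.20.0.0/16")]  # POS terminals, workstations
# Hypothetical host inside that range that terminals legitimately talk to.
ALLOWED_PEERS = {ipaddress.ip_address("10.20.0.10")}       # e.g. store POS controller

# Constructed sample records: "timestamp src dst dst_port action"
SAMPLE_FLOWS = """\
2017-12-18T09:00:01 10.20.1.15 10.30.0.5 443 ALLOW
2017-12-18T09:00:07 10.20.1.15 10.20.1.22 445 ALLOW
2017-12-18T09:00:09 10.20.1.15 10.20.0.10 8443 ALLOW
2017-12-18T09:01:30 10.20.1.22 10.20.1.40 3389 DENY
2017-12-18T09:02:11 10.20.1.22 10.20.1.41 445 ALLOW
malformed line
"""

def is_workstation(ip):
    """True for hosts in the workstation range that are not approved peers."""
    return any(ip in net for net in WORKSTATION_NETS) and ip not in ALLOWED_PEERS

def audit_flows(text):
    """Return (allowed, blocked) lists of workstation-to-workstation flows."""
    allowed, blocked = [], []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5 or not parts[3].isdigit():
            continue  # skip records that do not match the assumed format
        ts, src, dst, port, action = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        except ValueError:
            continue
        if is_workstation(src_ip) and is_workstation(dst_ip):
            record = (ts, src, dst, int(port))
            (allowed if action == "ALLOW" else blocked).append(record)
    return allowed, blocked

def peer_fanout(records):
    """Distinct workstation peers contacted per source; high fan-out merits review."""
    peers = {}
    for _, src, dst, _ in records:
        peers.setdefault(src, set()).add(dst)
    return {src: len(dsts) for src, dsts in peers.items()}

if __name__ == "__main__":
    allowed, blocked = audit_flows(SAMPLE_FLOWS)
    print("Permitted peer-to-peer flows (firewall gap):", allowed)
    print("Blocked attempts (investigate source):", blocked)
    print("Fan-out per source:", peer_fanout(allowed + blocked))
```

Permitted flows show where the host firewall policy has a gap; blocked attempts show the rule working and identify a source host worth investigating.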

Advice for consumers:

- Look out for skimmers. Avoid using payment or ATM machines in dark or
obscure locations where criminals could easily place a skimmer without
being seen. Look for wires or any other suspicious indicators that a
payment machine may have been tampered with.
- Monitor your accounts. Regularly check your accounts for fraudulent
activity and contact your bank immediately if you discover any suspicious
purchases.
- Learn about the latest tricks. Stay informed of the latest fraud and scam
trends by referring to some of the most popular sources for such
information, including StaySafeOnline, the FTC’s Scam Alerts, and the
US-CERT National Cyber Awareness System.

As spending during the holiday season continues to rise, so will
cybercriminals’ interest in profiting from increased payment card activity.
Fortunately, there are several ways we can work together to disrupt these
activities, remediate risk and preserve what should be a wonderful time of
the year for retailers and consumers.