This blog post was authored by Martin Lee and Jaeson Schultz.
With the announcement that yet another major retailer has allegedly been breached, it is important to review how attackers compromise retail systems and how such intrusions can be prevented. In this latest case, retailers are working to determine if a large cache of credit card information offered for sale on an underground trading forum originated as a result of a systems breach.
The presence of large amounts of financial and personal information within retail systems means that these companies are likely to remain attractive targets to attackers. Illicit markets exist for such information so that attackers are able to easily monetize stolen data. Although we don’t know the details of this specific attack, it may follow the same pattern as other major breaches in the retail sector. Incidents involving Point of Sale (POS) malware have been on the rise, affecting many large organizations.
In addition to the risk of fraud to the individuals affected, the consequences for the breached organizations are severe. News of customer data theft not only damages the brand, but recovering from the breach can also cost into the millions of dollars as systems are investigated, cleaned, repaired, and new processes are implemented to prevent future similar attacks.
In recent months, many organizations are becoming more interested in the information security landscape and how these threats can affect their business today.
In the recent Cisco 2014 Midyear Security Report, the results showed that 90% of select customer networks were found issuing DNS queries to domain names known to be associated with malware distribution. Results also showed an increase in Point of Sale (POS) exploits over the past year. These threats are growing and may put at risk many users using websites where personal or financial information is being submitted. These users need to know how this malware works, that malware is becoming more sophisticated, and that it is becoming increasingly difficult to identify that users’ machines have been compromised by malware. Read More »
A few months ago we discussed the various ways that consumer PII is compromised. The recent attacks against Target and Neiman Marcus illustrate the constant threat that payment card accepting retailers of all sizes face. Yesterday Reuters reported that similar breaches over the holidays affected “at least three other well-known U.S. retailers”. Given the current onslaught, it’s a good time for retailers to examine their detection capabilities before a payment card data attack, while creating new goals for shortening remediation windows during and after an attack.