Cisco Blogs



We Hear You: Retail Security Should Be Simple and SAFE

Retailers are in the business to sell, not to be stolen from. And they don’t set up shop to buy security products from companies like Cisco. However, attackers who target retailers have discovered that it’s much more lucrative to shoplift virtually rather than physically. So even if you focus on security rather than selling, you face a daunting task.


The challenge of retail security is that it gets more complex by the minute. The combination of mobile devices, distributed services, increased customer expectations, virtual systems, and changing business goals creates a huge attack surface for fraudsters. Add in a pantheon of security vendors offering specialized products that don’t always work well together as well as a dwindling supply of qualified security personnel, and feelings of frustration and futility are understandable.

Our industry desperately needs a resource that addresses the problem from end to end and makes security easier to understand. Enter Cisco SAFE, a comprehensive and credible solution portfolio. SAFE uses a model to organize retail networks into areas that can be more easily understood from a security perspective. It looks at the threats that exist and the best practices available to defend against them. It helps manage the design, build, and maintenance of today’s retail networks.

SAFE provides “how to” guides tested in Cisco’s laboratories for complex security challenges. It maps your threats to the security capabilities you need at this time, which can help you avoid overspending and overcomplicating the defenses you need to protect your business.

Come see me at the National Retail Federation show in New York. At a Big Idea session, I’ll be speaking about how Cisco SAFE helps simplify retail security. We’ll be in Room 4, Level 3 of the Expo Hall, on Monday, January 18, from 12:45 p.m. to 1:30 p.m.

I look forward to meeting you there!


Security Steps to Take in the Holiday Season – and Beyond

Retail companies face a landscape filled with growing and increasingly complex threats. And the financial impact of these breaches is soaring.

There are obvious financial incentives for attacking retailers because they typically don’t spend as much on security as financial institutions or government organizations, so they’ve become easy targets in recent years. According to Gartner, retailers spend about four percent of their IT budgets on cybersecurity, while financial services and health organizations spend 5.5% and 5.6% respectively. This is critical as the number of shoppers on Black Friday and throughout the holiday season continues to grow through different omnichannel opportunities. We have to be concerned and diligent because:

  • Financial organizations spent as much as $2,500 per employee on cybersecurity in 2014, while retailers only spent about $400 per employee.
  • The AppRiver Global Security Report shows that 10 of the top 20 data breaches in 2015 were at retailers.
  • According to research conducted by the Ponemon Institute in partnership with IBM, the average cost for each lost or stolen record has also increased. According to the study, the cost per record increased by more than 9%, from $136 per record in 2013, to $145 per record in 2014; and those numbers are still higher in the U.S., where the average cost for each lost or stolen record is $201.


CVE-2015-0235: A GHOST in the Machine

This post was authored by Nick Biasini, Earl Carter, Alex Chiu and Jaeson Schultz.

On Tuesday January 27, 2015, security researchers from Qualys published information concerning a 0-day vulnerability in the GNU C library. The vulnerability, known as “GHOST” (a.k.a. CVE-2015-0235), is a buffer overflow in the __nss_hostname_digits_dots() function. As a proof-of-concept, Qualys has detailed a remote exploit for the Exim mail server that bypasses all existing protections, and results in arbitrary command execution. Qualys intends to release the exploit as a Metasploit module.

CVE-2015-0235 affects the functions gethostbyname() and gethostbyname2(), which were originally used to resolve a hostname to an IP address. However, these functions have been deprecated for approximately fifteen years, largely because of their lack of support for IPv6. The superseding function is getaddrinfo(), which does support IPv6 and is not affected by this buffer overflow. Programs that still use the deprecated gethostbyname() and gethostbyname2() functions may be affected by GHOST.


Threat Spotlight: “Kyle and Stan” Malvertising Network 9 Times Larger Than Expected

This post was authored by Armin Pelkmann.

On September 8th, Cisco’s Talos Security Intelligence & Research Group unveiled the existence of the “Kyle and Stan” Malvertisement Network. The network was responsible for placing malicious advertisements on big websites like amazon.com, ads.yahoo.com, www.winrar.com, youtube.com and 70 other domains. As it turns out, this was just the tip of the iceberg. Ongoing research now reveals the real size of the attackers’ network is 9 times larger than reported in our first blog. For more details, read the Kyle and Stan Blog.

The infographic below illustrates how much more of the malvertisement network was uncovered in comparison to our first assessment. We have now isolated 6491 domains sharing the same infrastructure. This is over 9 times the previously mentioned 703 domains. We have observed and analyzed 31151 connections made to these domains. This equals over 3 times the number of connections previously observed. The increase in connections is most likely not proportional to the increase in domains because a long time has passed since the initial attacks.


The difference in raw numbers between the previous blog and this one. With more than 3 times the observed connections and over 9 times the revealed malicious domains, this malvertising network is of unusually massive proportions.


Threat Spotlight: “Kyle and Stan” Malvertising Network Threatens Windows and Mac Users With Mutating Malware

This post was authored by Shaun Hurley, David McDaniel and Armin Pelkmann.

Update 2014-09-22: Updates on this threat can be found here

Have you visited amazon.com, ads.yahoo.com, www.winrar.com, youtube.com, or any of the 74 domains listed below lately? If the answer is yes, then you may have been a victim of the “Kyle and Stan” Malvertising Network that distributes sophisticated, mutating malware for Windows and even Macs.

Table of contents

Attack in a Nutshell
Timeline
Technical Breakdown
Reversing of the Mac Malware
Reversing of the Windows Malware
IOCs
Conclusion
Protecting Users Against These Threats

Malvertising is a short form for “malicious advertising.” The idea is very simple: use online advertising to spread malware.
