Malware Breach - are you the next to be hit?
Retailers have good reason to be concerned that their business systems are becoming the focus of the cyber criminal community's efforts. After all, Target, Staples, Dairy Queen, The Home Depot and many other high profile businesses have recently been compromised, resulting in huge volumes of customer data being stolen. You may be thinking "They are all in the US and we're not, so we aren't at risk..." If so, you're missing very clear warning signals, and you're wrong.
These attacks ARE happening in other markets; we have seen similar attacks in South Africa and the UK in recent weeks.
Foregenix is a forensic specialist, and we encounter businesses on a daily basis that have had their customer data stolen. Increasingly the attack pattern is to compromise the perimeter defences, identify the assets (cardholder data, in the payments industry), deploy custom-written malware to harvest the data and get rich quick by selling the proceeds.
It sounds easy, doesn't it? That's because it is! Retailers are only the tip of the iceberg and certainly not the only type of organisation that we have seen being targeted. Payment service providers, acquiring banks and issuing banks all fall victim to compromises too, often through exceedingly clever means, with increasingly complex and targeted malware: the kind that your anti-virus and anti-malware solutions do not detect.
Using a retail environment as an example (but you could apply this equally across hospitality, travel, financial services and so on), the target organisation is usually operating a distributed, complex environment with multiple services running across the organisation, one of which is payments. Often there will be outdated systems within the environment, flat networks to deal with, minimal or no information security expertise and a very tight IT security budget to put towards defending the company assets. All of these challenges combine to create an inadequately defended environment, which therefore serves as a perfect target against which to launch an attack.
This is a pattern our forensic practice has spotted consistently. Unfortunately, by the time we get called in to investigate, the crime has already been committed and the loot sold, leaving the victim to clean up the mess and face the liabilities that come from losing their clients' data.
We’re facing an increasingly intelligent adversary and our tactics need to improve if we are to be successful in defending our businesses.
As can be seen in our recent talks on the forensic case we performed in South Africa, the cyber criminals perfected their attack methodology and malware in a coordinated attack against a few hundred South African businesses before going on to attack and compromise Target. Yes, the malware and attack vectors were very similar to what we have gleaned about the Target breach. We believe that we will be seeing a lot more compromises like these.
How do you defend against these cyber criminals?
The simple answer is by having great security in place.
The PCI DSS provides a prescriptive guide on what should be in place, at a minimum, to be running an effective security operation. Defence in depth will enable organisations to identify "problems" early on, so that they can shut down an attack quickly. This requires technology and people who know what they are doing.
For organisations who are some way off getting the right kind of controls in place and are worried about the safety of their customer data, Foregenix can help: we developed Serengeti to identify, report and manage indicators of compromise, with custom-malware detection, monitoring and mitigation being one of its core components. Serengeti is utilised to great effect by our forensic team (and clients) to rapidly mitigate attacks, both proactively and reactively.
You can find out more at : http://foregenix.com/serengeti.php
The potential costs of a breach - great infographic on the Target
This article outlines some of the malware we're fighting: http://www.wired.com/2014/09/ram-scrapers-how-they-work/
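To make concrete what the RAM scrapers in that article are hunting for, here is an added example (not Foregenix code and not part of Serengeti) of the same search a defender can run over a memory dump or disk image of a POS host: find Track 2 records and bare card numbers, then use the Luhn check to discard digit runs that merely look like PANs. The memory buffer is constructed for the example and uses the publicly known Visa and Mastercard test PANs; the field layout follows the standard Track 2 format (start sentinel, PAN, separator, expiry, service code, discretionary data, end sentinel).

```python
import re
from typing import Dict, List

# Track 2 as written to the magnetic stripe: start sentinel ';', PAN (13-19 digits),
# field separator '=', expiry YYMM, 3-digit service code, discretionary data, end sentinel '?'.
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})(\d*)\?")
# A bare run of 13-19 digits not embedded in a longer digit string: a PAN candidate.
PAN_RE = re.compile(rb"(?<!\d)\d{13,19}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Return True if the digit string passes the Luhn check used for PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep the first six and last four digits (the PCI DSS display rule), mask the rest."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_buffer(buf: bytes) -> List[Dict[str, object]]:
    """Scan a memory/file buffer for Track 2 records and bare Luhn-valid PANs.

    Findings are sorted by offset and PANs are masked, so the scanner's own
    output does not become another store of cardholder data.
    """
    findings = []
    covered = []  # byte ranges already reported as Track 2 data
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1).decode("ascii")
        if not luhn_valid(pan):
            continue
        covered.append((m.start(), m.end()))
        findings.append({"type": "track2", "offset": m.start(),
                         "pan": mask_pan(pan), "expiry": m.group(2).decode("ascii")})
    for m in PAN_RE.finditer(buf):
        if any(s <= m.start() < e for s, e in covered):
            continue  # digits inside a Track 2 record were already reported
        pan = m.group(0).decode("ascii")
        if luhn_valid(pan):
            findings.append({"type": "pan", "offset": m.start(), "pan": mask_pan(pan)})
    return sorted(findings, key=lambda f: f["offset"])


# Constructed sample standing in for a dump of a POS process's memory (an assumption
# for this example).  The card numbers are the public Visa/Mastercard test PANs.
SAMPLE_MEMORY = (
    b"\x00\x00POS Terminal v2.1\x00\x00"
    b";4111111111111111=25121011234567890?\x00"   # Track 2 record left in memory
    b"order_id=4111111111111112\x00"               # 16 digits but fails Luhn: ignored
    b"customer_ref 5555555555554444 paid\x00"      # bare PAN, Luhn-valid: reported
    b"\xff\xfe\x00"
)

if __name__ == "__main__":
    for finding in scan_buffer(SAMPLE_MEMORY):
        print(finding)
```

Run against a real process dump (for example, the output of a memory acquisition tool on the payment application's process), a hit for a Track 2 record in cleartext is exactly the condition a RAM scraper exploits, and is a strong signal that the application is holding cardholder data in memory longer than the PCI DSS expects.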
Please get in touch with us if you're concerned your business systems may be under attack. We are one of the leading forensic teams globally and have a fantastic team on standby.