
Cyber attacks in the retail industry


This year’s Data Breach Investigations Report (DBIR) is based around the same nine incident classification patterns identified in our 2014 report. Just three of these patterns – denial of service (DoS) attacks, crimeware, and point-of-sale (POS) intrusions – account for the vast majority (88 per cent) of all security incidents experienced by retail organisations. Taking into account the breaches where data was disclosed, the majority involved POS attacks. To help you plan your defenses, we will look in greater depth at the three types of attacks that are responsible for most security incidents in the retail sector.
Denial of service

Almost 44 per cent of security incidents in the retail sector involved DoS attacks, which were intended to overwhelm organisations with malicious traffic and bring their normal business operations to a halt.
Across all organisations in the DBIR, the number of distributed DoS attacks doubled in 2014 – and the retail industry’s e-commerce solutions proved to be major targets. Attackers have refined their methods and are increasingly using the infrastructure of the Internet itself to amplify their attacks.
How would you cope if your key systems were taken out of action for an hour or, as is often the case, longer? Typical DoS attacks last for days and are difficult to mitigate with in-house resources. The costs associated with missed orders and the time spent on remediation can be enormous. Furthermore, it is worth bearing in mind that you do not have to be a high-profile company or engage in controversial activities to be a victim. Our data shows that DoS attacks affect all types of organisations.
What you can do
Establish a mitigation plan: Ensure your policies include dealing with larger attacks and brief key operations staff on the best course of action should an incident occur. Have a solid, comprehensive strategy that details what your organisation should do in the event of failure of your initial anti-DoS service.
Test your plan: Do not wait for a breach to occur to discover that there are gaps or failures in your plan. Test your plan well ahead and update it regularly as your infrastructure and processes change and as new DoS techniques emerge.
Segregate key servers: Do not allow less important systems to act as a gateway to more important ones. Separate critical systems onto different network circuits.
Crimeware

Nearly a quarter (23 per cent) of all security incidents reported by retail organisations in the 2015 DBIR involved crimeware. This pattern was barely a blip on the radar last year (just 2 per cent of incidents).
Crimeware is a broad category, covering any use of malware (often web-based) to compromise systems, such as servers and desktops. This year, there were many incidents that included phishing in the event chain.
Attacks involving crimeware are usually opportunistic and motivated by financial gain.
What you can do

Patch anti-virus and browsers: This could block many serious attacks.
Enable two-factor authentication: Both phishing and malware lead to lost credentials. Using two-factor authentication can break the chain of attack.
Implement configuration change monitoring: Many of the methods used to breach your data can be detected easily by watching key indicators.
Point-of-sale intrusions
The third most prevalent cause of security incidents is much more severe than you would expect in the retail sector: attacks on the computers and servers that run POS applications.
POS attacks accounted for just over a fifth (21 per cent) of security incidents reported by retail organisations in the 2015 DBIR – and that is without taking into account incidents that involved tampering with payment terminals, which are covered by the payment card skimmers category.
Many POS breaches affect smaller businesses that continue to rely on single-factor authentication for remote access, making it easier for attackers to either hack passwords or gain immediate access once these have been stolen. Nevertheless, the increasingly sophisticated malware that attackers are using suggests that criminals are once again also targeting large organisations. Ninety-three per cent of breaches confirmed by retail organisations involved hacking to gain access to data. Attackers are also making use of social engineering – 23 per cent of all confirmed cases of data disclosure had a social event at some point in the attack chain. Once they had gained access, attackers favoured the use of ‘RAM scraper’ malware to capture data. This malware includes export capability, so attackers do not have to return to take your valuable data.
What you can do
Use two-factor authentication: Stronger passwords could reduce the risk of hacking – many companies continue to use factory defaults. But two-factor authentication provides greater protection if credentials are stolen.
Restrict remote access: Limit remote access into POS systems by third-party companies.
Reserve POS systems for POS activities: Do not allow employees to use POS systems to browse the web or check their e-mail.
This article is attributed to Sumeet Singh, Head – Security Engineering, Asia Pacific, Verizon Enterprise Solutions
