siphons credit card data to avoid detection. It is believed by many that this malware continues to
be under active development, and companies can expect to see more advanced strains in the
wild over the next few months.
SQL injection remains a tried-and-true attack vector and is the most common attack on web
assets. It was also the attack method used in the second-largest breach of 2016 and has been
responsible for the compromise of over 112 million records across all industries since 2011,
according to IBM X-Force reporting.
Shellshock is the number-three attack vector and is widely regarded as the new SQL Slammer
computer worm. Like SQL Slammer, Shellshock is popular because exploiting it is very
effective and relatively simple.
Retail is also seeing increased activity from Tor networks, where attackers can hide,
communicate and trade with each other without exposing the content of their transactions. Tor
is also growing in popularity as a launch pad for attacks against surface-web targets.
How POS Attacks Happen
In a POS attack, the attacker spends the vast majority of the time inside the network, after the
initial system has already been compromised. During this period, the attacker follows a cyclical
process of finding computer systems that host payment processing applications and planting
malware on them for either timed or remote activation from Command-and-Control.
There are three significant problems here. First, traditional security devices that are hosted on
the periphery of an organization’s network are incapable of seeing any lateral movement or
action leading up to an attacker dropping a RAM scraper.
Second, the attack has no fixed time frame, as an attacker can remain in these stages
undetected for as long as it takes to compromise a key asset (an Active Directory server or a
patch-management server) that will expose the payment processing gateway(s).
Once the gateway is identified, the attacker deploys malware through the patch-management
software and then compromises the payment processing application, using a RAM scraper as
the final payload of the attack to steal and upload card data.
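The two warning signs in the sequence above, one account fanning out across many internal hosts and any logon to the patch-management server from outside the admin jump hosts, can be checked on ordinary logon records. The following is an added example, not code from the article or from any vendor; the host names, account names, thresholds and the logon records themselves are constructed for illustration.

```python
"""Flag the lateral-movement pattern that precedes a RAM-scraper drop, using
constructed logon records of the form (timestamp, account, source host, destination host)."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real data): one service account touring the network
# from a workstation, including a hop to the patch-management server.
SAMPLE_EVENTS = [
    ("2016-12-01T09:00:00", "svc_backup", "WS-101", "FS-01"),
    ("2016-12-01T09:02:00", "svc_backup", "WS-101", "FS-02"),
    ("2016-12-01T09:03:00", "svc_backup", "WS-101", "DC-01"),
    ("2016-12-01T09:05:00", "svc_backup", "WS-101", "PATCHSRV-01"),
    ("2016-12-01T09:06:00", "svc_backup", "WS-101", "POS-TERM-17"),
    ("2016-12-01T09:30:00", "jsmith", "WS-205", "FS-01"),
    ("2016-12-01T10:00:00", "patchadmin", "ADMIN-01", "PATCHSRV-01"),
]

PATCH_SERVERS = {"PATCHSRV-01"}   # assumed name of the patch-management server
ADMIN_HOSTS = {"ADMIN-01"}        # assumed jump hosts allowed to reach it
FANOUT_THRESHOLD = 4              # distinct destinations per (account, source) per window
WINDOW = timedelta(minutes=30)


def parse(events):
    """Turn the raw tuples into (datetime, account, src, dst)."""
    return [(datetime.fromisoformat(t), a, s, d) for t, a, s, d in events]


def fanout_alerts(events, threshold=FANOUT_THRESHOLD, window=WINDOW):
    """Return (account, src) pairs that reach >= threshold distinct hosts within one window."""
    by_actor = defaultdict(list)
    for ts, acct, src, dst in sorted(parse(events)):
        by_actor[(acct, src)].append((ts, dst))
    alerts = []
    for actor, hits in by_actor.items():
        for i, (start, _) in enumerate(hits):          # slide a window over each actor's logons
            dests = {d for ts, d in hits[i:] if ts - start <= window}
            if len(dests) >= threshold:
                alerts.append((actor, sorted(dests)))
                break                                   # one alert per actor is enough
    return alerts


def patch_server_alerts(events, patch_servers=PATCH_SERVERS, admin_hosts=ADMIN_HOSTS):
    """Return every logon to a patch-management server from a host outside the admin set."""
    return [(acct, src, dst) for _, acct, src, dst in parse(events)
            if dst in patch_servers and src not in admin_hosts]
```

Both checks fire on the constructed data: `svc_backup` from `WS-101` reaches five hosts in six minutes, and its hop to `PATCHSRV-01` comes from a workstation rather than an admin host.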
Finally, to make matters worse, many of today’s POS deployments continue to sit on Windows
XP or even DOS-based systems. Microsoft no longer patches XP vulnerabilities, so new
vulnerabilities can be easily exploited.
Our experience and expertise in POS systems indicate that the following steps should be taken
immediately to protect against a large-scale breach.
59 Cyber Warnings E-Magazine December 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide