SecurityScorecard Reveals Top “Sources of Compromised Data” in Cybersecurity Report

With great technical leaps forward comes great opportunity…for criminals. Here, SecurityScorecard reveals the most common methods used by nefarious players to compromise financial data…

Phishing

Credit card phishing scams traditionally use emails or telephone calls that impersonate legitimate contacts in order to trick victims into disclosing private information, such as credit card numbers and passwords.

According to the “Phishing Activity Trends Report, 4th Quarter 2018,” 33% of phishing attacks targeted the payment industry. The report also states that cybercriminals used 6,781 phishing URLs across 4,485 unique second-level domains. Even more concerning, cybercriminals hosted 100 URLs on unique IP addresses without domains.

Hardware Skimming

Hardware skimming occurs when criminals install Bluetooth-based “skimmers” on point of sale (POS) devices or ATMs. For example, ATM skimmers can be hidden inside the pinhole camera intended to protect users from burglary. When criminals change the camera angle, they can obtain a user’s PIN number. They can pair that number with an “insert skimmer” placed inside the card acceptance slot to obtain information. For example, in February 2019, an Italian restaurant chain admitted that malware installed on its POS system exposed customer information from May 23, 2018, to March 18, 2018.

Data Breaches

Phishing attacks and hardware skimming target individuals rather than organisations. However, data breaches compromise large amounts of CD by focusing on the companies storing the data rather than on individual consumers.

SQL Injection

Cybercriminals target enterprise databases using SQL injections so that they can obtain large amounts of CD with minimal time and effort. The attackers use exposed application elements, such as form fields or URLs, to access the database and then download the information. Two popular tools used within the underground to conduct SQL injections are Havij SQLi (Windows binary) and sqlmap.py (open-source Python script). In February 2018, the US Attorney’s Office of New Jersey sentenced two cybercriminals for using a SQL injection to compromise over 100 million cards and more than 650 financial services. The data breach cost three corporate victims over $300 million.
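The mechanism described above, shown from the defender's side as an added example (it is not code from the SecurityScorecard report or from this article): a lookup that pastes a form-field value into the SQL text, next to the parameterized form that keeps the value as data. The `cards` table, its constructed contents and the function names are assumptions made for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data: the tokens are placeholders, not real card numbers.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE cards (customer TEXT, card_token TEXT)")
    db.executemany(
        "INSERT INTO cards VALUES (?, ?)",
        [("alice", "tok_0001"), ("bob", "tok_0002"), ("carol", "tok_0003")],
    )
    return db


def lookup_concatenated(db, customer):
    # Weak form: the form-field value becomes part of the SQL text, so quote
    # characters inside it change the structure of the statement.
    sql = ("SELECT customer, card_token FROM cards "
           "WHERE customer = '" + customer + "'")
    return db.execute(sql).fetchall()


def lookup_parameterized(db, customer):
    # Corrected form: the value is bound as a parameter and is only ever
    # compared as data, never parsed as SQL.
    sql = "SELECT customer, card_token FROM cards WHERE customer = ?"
    return db.execute(sql, (customer,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed form-field value
    for label, value in (("normal", "alice"), ("crafted", crafted)):
        print(label, "concatenated :", len(lookup_concatenated(db, value)), "rows")
        print(label, "parameterized:", len(lookup_parameterized(db, value)), "rows")
```

With the crafted value, the concatenated query returns every row in the table while the parameterized query returns none, which is why bound parameters are the standard fix for form fields and URL parameters that feed a query.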

Malware Infection

Whether initially arising from poor internet hygiene or clicking on a link in a phishing email, malware infections continue to plague consumers, merchants, and payment processors. At the merchant level, two types of malware attacks exist.

POS Malware

Since PCI DSS requires in-transit and at-rest encryption, POS devices are one of the few places where card data exists in decrypted form. The malware scans the device’s active processes and then scrapes any useful information. In the case of POS devices, the active processes start running when the device begins processing the payment. This leads to the cybercriminal obtaining the card information. POS malware operates like a keylogger, as the data being swiped is logged in cleartext and sent to the attacker before being encrypted and sent off for processing.

Post-exploitation Network Sniffing/Keylogging

For e-commerce merchants, post-exploitation network sniffing malware extends an attack beyond the initial vector of entry. This attack targets compromised sites, places malicious code into the website, and intercepts customer data. Thus, despite a merchant remediating the initial data breach, they remain compromised, often without realising it. Malware at the end-user level aligns with traditional definitions. Trojans, named after the Greek Trojan horse, disguise themselves as normal files that trick users into downloading and installing them. Once installed, the Trojan monitors user activity to collect information, often through keylogging. Keylogging records the keys you type, in the order you type them, and thus allows malicious actors to collect login names, passwords, financial data, and other information.

Unprotected Backups

All compliance programs require disaster recovery and business continuity planning, of which backup is a primary element. While cloud migration eases the backup process with the use of virtual machines, workforce members can easily create these backups without administrator knowledge and generate cybercrime vulnerabilities.
