BriansClub[.]at, an underground website that peddles stolen payment card data, was reportedly hacked. Here’s what we know of the breach based on an initial report:
Two common ways PoS malware reaches card-handling hosts are insider threats and phishing. A knowledgeable employee may install the malware on card-reading machines directly, or obtain a manager's access credentials by guessing username-and-password combinations.
Targeted attacks, meanwhile, may rely on social engineering to trick email recipients into downloading the PoS malware onto their computers. So say you (or someone you work with) receive an email with a suspicious attachment and you want to assess whether the sender is legitimate. Here is how you could go about it.
Our Investigative Tools: Threat Intelligence Platform and Others
A primary example of a PoS malware is NitlovePOS, which has been distributed via spoofed Yahoo! Mail accounts. Messages associated with this malware dupe users into opening a Microsoft Word attachment that downloads NitlovePOS onto devices.
Knowing that, it is worth checking whether the email addresses attempting to interact with employees are valid before anyone acts on their messages. An email verification API can be used for that.
Reminding users not to open documents attached to emails from unknown senders is also critical, as the simple act of opening a malicious document (and enabling its macros) can drop NitlovePOS on their computers. Outright blocking of attachments that contain macros can also be enforced throughout the network.
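The following is an added example that is not part of the original article and does not use Threat Intelligence Platform or any email verification API. It shows the header-level checks a mail gateway or an analyst would run on a message like the NitlovePOS lure described above, before (or instead of) calling out to a verification service: is the From address well-formed, do the envelope sender (Return-Path) and Reply-To agree with it, what did the receiving MTA record for SPF/DKIM/DMARC, and does the message carry a macro-capable Office attachment. The two sample messages and all function names are constructed for this illustration; a production deployment would add a live mailbox/MX check on the extracted domain.

```python
"""Triage an inbound email for sender-spoofing and macro-attachment indicators.

Offline, header-only checks. Sample messages below are constructed for this
example and are not real captures.
"""
import email
import re
from email import policy
from email.utils import parseaddr

# Constructed lure: "Yahoo! Mail" display address, but the envelope sender,
# Reply-To and SPF result all point somewhere else, and it carries a .docm.
SAMPLE_LURE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.com; spf=fail smtp.mailfrom=mailer.example.net; dkim=none
From: "HR Department" <hr.dept@yahoo.com>
Reply-To: <careers@mailer.example.net>
To: employee@example.com
Subject: Updated Job Application Form
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="BOUNDARY"

--BOUNDARY
Content-Type: text/plain; charset="utf-8"

Please review the attached form and enable editing.

--BOUNDARY
Content-Type: application/vnd.ms-word.document.macroEnabled.12; name="form.docm"
Content-Disposition: attachment; filename="form.docm"
Content-Transfer-Encoding: base64

UEsDBBQABgAIAAAAIQA=
--BOUNDARY--
"""

# Constructed benign message: consistent headers, authentication passed, no attachment.
SAMPLE_CLEAN = """\
Return-Path: <alice@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass
From: Alice <alice@example.com>
To: employee@example.com
Subject: Lunch
Content-Type: text/plain; charset="utf-8"

Noon?
"""

# Deliberately simple syntax check; full RFC 5322 validation is not the goal here.
ADDRESS_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")
# Office formats that can carry VBA macros (legacy binary formats included).
MACRO_EXTENSIONS = (".doc", ".docm", ".dot", ".dotm", ".xls", ".xlsm", ".xlsb", ".ppt", ".pptm")


def address_of(header_value):
    """Bare, lower-cased address from a header such as '"HR" <hr@yahoo.com>'."""
    return parseaddr(str(header_value) if header_value else "")[1].lower()


def domain_of(address):
    return address.rsplit("@", 1)[1] if "@" in address else ""


def auth_non_pass(auth_results):
    """Map of spf/dkim/dmarc -> result for every verdict that is not 'pass'."""
    found = re.findall(r"\b(spf|dkim|dmarc)=(\w+)", str(auth_results or ""), re.IGNORECASE)
    return {m.lower(): v.lower() for m, v in found if v.lower() != "pass"}


def macro_attachments(msg):
    """File names of attachments that are macro-capable by extension or MIME type."""
    names = []
    for part in msg.walk():
        if part.get_content_disposition() != "attachment":
            continue
        name = (part.get_filename() or "").lower()
        if "macroenabled" in part.get_content_type() or name.endswith(MACRO_EXTENSIONS):
            names.append(name)
    return names


def triage(raw_message):
    """Return sender, list of indicators, and a verdict: allow / review / block."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    sender = address_of(msg["From"])
    indicators = []
    if not ADDRESS_RE.match(sender):
        indicators.append("malformed From address")
    from_dom = domain_of(sender)
    env_dom = domain_of(address_of(msg["Return-Path"]))
    if env_dom and env_dom != from_dom:
        indicators.append(f"Return-Path domain {env_dom} != From domain {from_dom}")
    reply_dom = domain_of(address_of(msg["Reply-To"]))
    if reply_dom and reply_dom != from_dom:
        indicators.append(f"Reply-To domain {reply_dom} != From domain {from_dom}")
    for mech, result in auth_non_pass(msg["Authentication-Results"]).items():
        indicators.append(f"{mech}={result}")
    macros = macro_attachments(msg)
    indicators.extend(f"macro-capable attachment {name}" for name in macros)
    # A macro-capable attachment plus any sender inconsistency is enough to block;
    # a lone indicator is routed to a human for review.
    if macros and len(indicators) > len(macros):
        verdict = "block"
    elif indicators:
        verdict = "review"
    else:
        verdict = "allow"
    return {"sender": sender, "indicators": indicators, "verdict": verdict}


if __name__ == "__main__":
    for label, raw in (("lure", SAMPLE_LURE), ("clean", SAMPLE_CLEAN)):
        print(label, triage(raw))
```

The verdict logic is intentionally conservative: "dkim=none" (no signature at all) is reported as an indicator rather than ignored, because the spoofed-webmail lures this article describes are exactly the case where a legitimate-looking From address is not backed by any authentication.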
Looking at publicly available reports can also help establishments strengthen their cybersecurity posture. Take a look at a sample step-by-step account of how we carried out a risk assessment, given that we do not have information on the email addresses used in the attack:
The quick exercise above shows how crucial it is to find out whether the domains that are trying to interact with your network are trustworthy. While not every investigation will instantly reveal ties to malicious activity, it doesn't hurt to exercise due diligence.
To further bolster security, companies must ensure that the customer data they keep is encrypted according to industry standards (PCI DSS for cardholder data). Retail operations and banks should also enforce stricter access controls on PoS systems and require that software running on card-processing terminals be code-signed. Lastly, IT teams should patch vulnerable PoS systems regularly to prevent exploitation.
* * *
Cyberthreats can come from all fronts. Often, parties who fall victim to attacks failed to secure their data operations despite having ample resources to do so. Still, the best way to avoid the repercussions of compromised card data is to prevent the compromise in the first place. Security solutions such as Threat Intelligence Platform (TIP) and other domain research and monitoring tools help organizations stay ahead of cyber risks before they become a major problem.