25 November, 2016
Black Friday and Cyber Monday are upon us yet again and the holidays are just around the corner. But this year, even though we’re more than one year into the chip-and-signature card revolution, it’ll be more than deal hunters rushing to digital and physical checkout counters. Cyber criminals will certainly be there, too.
Fraud is on the rise in spite of the payment card industry’s introduction of chip-and-signature cards and the shift of full liability for fraud to retailers. Between the second quarter of 2015 and the first quarter of 2016, the rate of fraud attempts on payment transactions in the U.S. was up 26% over the prior period, and the rate of attacks on digital goods almost tripled, according to PYMNTS.com and Forter, a fraud prevention provider for ecommerce.
Retailers must go above and beyond current industry regulation in order to sufficiently protect themselves. Below is a checklist that companies can use to reduce the risk of falling victim to cyber thieves this holiday season.
Implement two-factor authentication on all publicly accessible portals. If it is not already configured on Citrix portals or on any vendor portal that allows access to your network, consider implementing it now.
Limit outbound access wherever possible. Specifically, don’t open outbound ports 80, 443, and 53 unless there is a business reason to. Where there is, create a whitelist of destination hosts rather than allowing a port to reach all IP addresses.
Add scrutiny to servers that have propagation routes to, and access to, POS machines, e-commerce web servers and databases.
For example, this could include file integrity monitoring servers, antivirus servers, WSUS servers, DVR servers, domain controllers, POS update servers, and remote access jump servers, among others.
Perform spot checks on POS systems that can hold plaintext cardholder data in RAM. If a system has more than the POS application processing track data in RAM, it should be investigated, as the second application processing track data could be malware.
Be aware of the current threat landscape. Updates from law enforcement are a good place to start. A call to a local U.S. Secret Service office and FBI field office would be a great idea.
Conduct threat hunting so POS attackers can be discovered before they are able to exfiltrate data.
If you have an e-commerce environment, monitor the website access logs to spot SQL injection (at the very least, search the logs for the names of 10 common SQL injection tools) and devise a strategy to look for web shell (web backdoor) traffic. Also review the “Checkout” page code periodically to ensure that nothing has been appended to it that sends a copy of cardholder data to attackers.
If you are using a tokenization solution, ensure that the server running the tokenization software has adequate controls and monitoring in place, as that server may hold plaintext cardholder data in RAM that can be targeted.
For “quick wins” on threat hunting, including specific places to look for evidence of intrusion, visit here.
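As an added example (not code from the original post or from Stroz Friedberg), the RAM spot check described above for POS and tokenization servers can be scripted: scan a memory buffer, or on Linux a process's readable mappings through /proc, for Track 1 and Track 2 stripe layouts, keep only hits whose PAN passes the Luhn check, and report them with the PAN masked. The constructed sample buffer, the test-range PAN and the /proc approach are the example's own assumptions.

```python
import re

# Stripe layouts per ISO/IEC 7813: Track 1 "%B<PAN>^<NAME>^<YYMM>...?", Track 2
# ";<PAN>=<YYMM>...?". RAM scrapers hunt for these, so the spot check does too.
TRACK1 = re.compile(rb"%?B(\d{13,19})\^([A-Z .'/-]{2,26})\^(\d{4})\d{0,30}\??")
TRACK2 = re.compile(rb";?(\d{13,19})=(\d{4})\d{3,30}\??")

def luhn_ok(pan: str) -> bool:
    """Reject random digit runs: every real PAN satisfies the Luhn check digit."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch) * (2 if i % 2 else 1)
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def mask(pan: str) -> str:
    """Never write a full PAN into a hunting report: keep BIN and last four only."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def scan_buffer(buf: bytes, base: int = 0) -> list:
    """Return track-data hits in a memory buffer as (kind, offset, masked_pan)."""
    hits = []
    for kind, rx in (("track1", TRACK1), ("track2", TRACK2)):
        for m in rx.finditer(buf):
            pan = m.group(1).decode()
            if luhn_ok(pan):
                hits.append((kind, base + m.start(), mask(pan)))
    return hits

def scan_process(pid: int) -> list:
    """Linux only (assumed): walk readable private mappings via /proc; needs root."""
    hits = []
    with open(f"/proc/{pid}/maps") as maps, open(f"/proc/{pid}/mem", "rb", 0) as mem:
        for line in maps:
            addr, perms = line.split()[:2]
            if "r" not in perms or "p" not in perms:
                continue
            start, end = (int(x, 16) for x in addr.split("-"))
            try:
                mem.seek(start)
                hits += scan_buffer(mem.read(end - start), start)
            except (OSError, ValueError):
                continue  # vsyscall and guard regions cannot be read
    return hits

# Constructed sample: test-range PAN as stripe data, plus a decoy that fails Luhn.
SAMPLE = (b"\x00\x00%B4111111111111111^DOE/JANE^25121011000000000?\x00"
          b";4111111111111111=25121011000012345?\x00"
          b";1234567890123456=25121010000000000?\x00")
```

Run `scan_process` against every process on a POS host and compare the set of processes holding track data against the one POS application that is expected to; any extra process is the investigation lead the checklist item asks for.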
Retailers must counter the persistent attacks facing them this holiday season. The quickest way to do this is through a combination of vigilance and strengthened access controls. The time spent implementing these solutions is minimal, but the resilience they bring can pay off far beyond the holiday season shopping spree.
For further information, please contact:
Paul Jackson, Managing Director, Stroz Friedberg
pjackson@strozfriedberg.com