My name is Scott
Athey and I will be restarting my blog called Scott Athey’s Cyber Security Blog
for the CYBR 650 class. When I first started my blog I focused in on data
breaches that occurred every week. The data breaches ranged from large to small
organizations and anything in between. The reason I chose data breaches is
because they are a hot topic and data breaches are happening every day. I also
want to find out how attackers are getting into company networks and what can
be done to protect those networks. I will be keeping the topic the same and
focus on recent data breaches.
A recent data
breach that happened on March 7, 2017 was Verifone. Many people may not know
what Verifone does, but I can guarantee people have used their products before.
Verifone is one of the largest point of sale manufacturers and payment
processors. Verifone provides self-service payment devices or point of sale
systems, which include countertop and mobile devices (About Verifone). Verifone’s
products are used at gas stations, hotels and other businesses that accept
credit and debit payments. Verifone is also a payment processor like First Data,
which allows them to see people’s credit and debit card information.
The attack seems
to be related to the MICROS data breach that occurred in January 2017. MICROS was
hit when the attackers used phishing emails to install malware on a computer
that targeted a ticketing portal. Without knowing the details of the Verifone
breach, Krebs on Security was able to possibly link the attack to a Russian
crime group and the attackers may have been inside of the network since the
middle of 2016 (Krebs, 2017). The attack appears to be limited to 24 United
States gas station convenience stores (Schwartz, 2017). Verifone would not
confirm other details related to the breach as it seems they are still
investigating. Verifone did hire a forensic company to come in and do an
investigation.
Here is a sample of a phishing email that a person received from
“Apple” regarding iTunes.
This data breach
is scary and people should not forget about it. If the attackers were inside of
the company for more than six months, think of the damage they could do. Verifone’s
systems run their own operating system, which means the attackers could have
gotten the source code. Of course this is all hypothetical right now, but if
the attackers got their hands on the source code they could do more damage than
the Target hack. For example, having the source code allows attackers
to find vulnerabilities in that specific operating system or write malware for it. The
operating system is on POS machines, which could lead to attackers stealing
credit and debit card information. Then the company would have to fix the vulnerabilities,
but that would require them to reverse engineer the malware or do a forensic
investigation to find the vulnerability or vulnerabilities in their operating
system.
Could this data
breach have been prevented? At this time it’s too early to say whether this breach
could have been prevented. If it was because of the phishing email, then yes it
could have been prevented. According to Krebs, users are no longer allowed to
install software on their computer unless it is through their help desk (Krebs,
2017). Could a malicious program an employee installed be the cause of the
breach? Users should not be allowed to install software because most users don’t
check the MD5 or SHA1 hash of the file that was downloaded. Having the help
desk or a different team within the company install software that has been
approved will reduce the risk of malware on a network. Malicious Word documents
contain macros that, when enabled, allow malicious code to run and install malware.
Having macros disabled by default can help protect users from installing
malware. It is also a good idea to train users to not open Word documents from
emails they do not know. Hopefully within a few weeks there will be more
information on the data breach. At that time I will update my blog with the new
information.
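The hash check mentioned above, as an added example that is not part of the original post: a help desk could verify a downloaded installer against a manifest of approved hashes before installing it. The file names, manifest contents and function names are constructed for illustration, and SHA-256 is assumed in place of MD5 or SHA1, which are no longer collision resistant.

```python
import hashlib
import hmac
import os
import tempfile

def file_digest(path, algo="sha256", chunk_size=65536):
    """Hash a file in chunks so large installers are not loaded into memory."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_manifest(text):
    """Parse 'HEX  filename' lines (sha256sum output format) into {filename: hex}."""
    approved = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        digest, _, name = line.partition(" ")
        approved[name.strip().lstrip("*")] = digest.lower()
    return approved

def check_installer(path, approved):
    """Return 'approved', 'mismatch' or 'unknown' for a downloaded file."""
    expected = approved.get(os.path.basename(path))
    if expected is None:
        return "unknown"  # not on the approved list: do not install
    actual = file_digest(path)
    return "approved" if hmac.compare_digest(actual, expected) else "mismatch"

def demo():
    """Constructed sample: one approved installer, one altered, one unlisted."""
    files = {"editor-setup.exe": b"build A", "viewer-setup.exe": b"build B", "game.exe": b"x"}
    with tempfile.TemporaryDirectory() as d:
        for name, data in files.items():
            with open(os.path.join(d, name), "wb") as f:
                f.write(data)
        listed = ("editor-setup.exe", "viewer-setup.exe")
        manifest = "\n".join(f"{hashlib.sha256(files[n]).hexdigest()}  {n}" for n in listed)
        approved = parse_manifest("# constructed manifest\n" + manifest)
        with open(os.path.join(d, "viewer-setup.exe"), "ab") as f:
            f.write(b"modified")  # simulate a download altered after approval
        return {n: check_installer(os.path.join(d, n), approved) for n in files}

if __name__ == "__main__":
    print(demo())
```

A file that is not in the manifest is reported as unknown rather than approved, which matches the policy of installing only software the help desk has approved.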
References
Krebs, B. (2017, March 07). Krebs on Security. Retrieved March 19, 2017, from https://krebsonsecurity.com/2017/03/payments-giant-verifone-investigating-breach
About Verifone | Company | Verifone. (n.d.). Retrieved March 19, 2017, from http://global.verifone.com/company/about-verifone/
Schwartz, M. (2017, March 8). Verifone Investigates Gas Station Hack Attacks. Retrieved March 19, 2017, from http://www.bankinfosecurity.com/verifone-investigates-gas-station-hack-attacks-a-9759