Cybercriminals going back to ‘old school’ techniques: Dell
By Edwin Yapp May 11, 2015
- Unpatched point-of-sale systems, users' lack of knowledge exploited
- SMBs must consider next generation firewalls, enterprise best practices
IT’S no secret that cybercriminals are using a combination of social engineering tactics and sophisticated methods such as advanced persistent threats (APTs).
Despite such leading-edge methods, there are cybercriminals who are still using unsophisticated methods to hit companies which aren’t that secured, according to a new report by Dell Software.
Speaking to Digital News Asia (DNA) in an exclusive interview in Kuala Lumpur, Matthew Johnston, managing director for South Asia, Dell Software, said that ‘old school’ methods are still very prevalent.
“Based on the data gathered by SonicWALL in 2014, what we’ve seen is a surge in point-of-sale (POS) malware variants and attacks targeting payment card infrastructures,” he said.
Dell Software, a division of Dell Inc, was formed in 2012 to unify its acquisitions of software companies – some 39 of them as of March 2015 – under one organisation. Security software and hardware appliance manufacturing firm SonicWALL was acquired in May 2012.
Johnston said that according to Dell’s Annual Security Report (registration required), the retail industry was shaken to its core in 2014 after a staggering number of major retail brands experienced highly-publicised POS breaches.
He noted that companies such as Home Depot, Target, Michaels, and Staples all became targets of credit card data theft, with each breach exposing millions of consumers to potential fraudulent purchases and/ or identity theft.
According to Johnston, Dell Software developed and deployed over three times more new POS malware countermeasures in 2014 than in the previous year, with the majority of these POS hits targeted at the US retail industry.
“This particular kind of threat is noteworthy as we’ve seen a significant shift in cybercriminals trying to exploit particular financial data,” he explained.
“It may start from big retails stores like Target, but what’s more worrying is that it is bound to come down to small and medium businesses (SMBs),” he said.
Johnston said this is particularly critical in South-East Asian nations such as Malaysia, where many POS terminals connect to PCs, which are unfortunately not patched with the latest software, actively managed, or put behind a firewall.
“Many of these PCs that are connected to POS terminals are also connected to the Internet as they may need to access the company’s database,” he said.
“But if they are not properly patched, they become extremely vulnerable as cybercriminals can exploit this to get all kinds of data,” he said, adding that POS-connected PCs are all potential attack points.
To make matters worse, Johnston said these PCs are also not dedicated to only the POS functions, and often double up as PCs used to surf the Internet and answer email.
Cybercriminals exploit these PCs by using social engineering methods to get users to unwittingly open email attachments or surf to malware-infected websites.
“The lack of training of users using these POS-connected PCs is another problem,” he said.
“Cybercriminals are targeting their naivety and lack of education, and exploiting users’ behaviour to get their way,” he added.
Mitigating risks
When asked what can be done to mitigate such threats, Johnston (pic) said the first thing is to ensure that all POS-connect PCs are patched with the latest software updates, especially the operating system.
Next would be to try and keep the POS system isolated from the rest of the network and make sure it can only communicate with valid IP (Internet Protocol) addresses, so attackers cannot siphon data off to their own servers.
Johnston said that it’s not too early for SMBs to invest in technologies such as Next Generation Firewalls (NGFs), which combine application awareness and deep packet inspection to give companies more control over applications, while also detecting and blocking malicious threats.
He suggested that SMBs start looking into best practices which larger multinationals have already begun putting into place, such as two-factor authentication (2FA) for password security, as well as investing in user education as security affects everyone in the company, not just technical people.
He acknowledged that while some of these processes have been tightened up at large enterprises and multinationals, this has not filtered down to SMBs.
As an example, he cited the unregulated use of access for employees using PCs connected to POS terminals, which often have sensitive data such as inventory data or customer loyalty data.
“At the end of the day, it’s not any one thing that will fix these challenges but a combination of methods,” he said.
“SMBs must look at implementing some kind of NGF and at the same time look at tightening staff access to the Internet, and using role-based access rather than open access, so that they can manage people’s access to the PCs in an intelligible way.
“They must also look at deploying encryption on all their mobile devices, PCs or tablets, and laptops. New technologies such as desktop-as-a-service are also possible for the retail environment, as is virtual desktop infrastructure (VDI),” he said, adding that in these systems, data do not reside locally but on the cloud.
Other interesting findings in Dell’s Annual Security Report are:
- More companies were exposed to attackers hiding in plain sight as a result of SSL/ TLS (secure socket layer/ transport layer security) encrypted traffic as there was an increase in the volume of HTTPS web connections from 182 billion in January 2014 to 382 billion in January 2015, and this number continues to grow. As of March 2015, the number was 437 billion;
- Sophisticated new techniques will thwart Android malware researchers and users, and more highly targeted smartphone malware will emerge. In connection, the first wave of malware targeting wearable devices via smartphones will also surface;
- Home routers and home network utilities will become targets and will be used to assist large distributed denial-of-service (DDoS) attacks; and
- Attacks on Scada systems doubled over the last year. Whereas the motive behind POS and secure web browser attacks is typically financial, Scada attacks tend to be political in nature, since they target operational capabilities within power plants, factories, and refineries, rather than credit card information.
Related Stories:
No 1 security vulnerability is careless or unaware employees: EY survey
Cybercriminals shifting to more deceptive tactics: Microsoft
Mitigating security threats on POS systems
ID thieves targeting SMBs, 2FA could be the solution
For more technology news and the latest updates, follow us on Twitter, LinkedIn or Like us on Facebook.
