Why are so many big name retail chains being hacked all of the sudden?
This question was answered on October 20, 2014. Much of the information contained herein may have changed since posting.
While it may seem like it’s all of the sudden, retail chains have long been preferred victims for hackers, primarily because they can gather huge swaths of personal info if they are successful.
In the past, the company’s large storage servers and internal systems were the targets; that’s what’s changed and led to the increase in high-profile retail hacks.
Sophisticated criminal groups have created and widely distributed malware that can infect the cash registers or PoS (Point of Sale) terminals used by just about all retail businesses.
If they can gain access, they are able to plant something called a RAM scraper that captures credit card and debit card information that is stored on the magnetic stripe on the back of the cards when we swipe our cards.
Capturing the ‘mag swipe’ data allows the thieves to create bogus cards that include additional security information not available if they just got the credit card number.
This makes what they steal much more valuable on the black market, especially when they can grab tens of millions of cards before the exploit is discovered.
The Department of Homeland Security has posted several advisories for the ‘BackOff’ PoS malware that is responsible for most of the hacks you’re hearing about.
They estimated that over 1000 businesses were likely infected and most were probably unaware that they are infected because it was easily evading most antivirus detection methods.
Most major antivirus companies have added Backoff malware detection capabilities to their systems, but it’s very likely that the hackers will continue to alter their code to continue the cat and mouse game with antivirus programs.
What should be of particular interest to everyone, not just large scale retailers, is how they are gaining access to these protected systems.
The Secret Service has confirmed that the majority of breaches is occurring through commonly used tools that allow for remote access.
Popular remote access tools from Microsoft, Apple, Google and LogMeIn are being exploited through ‘brute force’ attacks (massive high-speed password guessing attacks), which means that ANYONE using these tools for ANY purpose could be victimized.
Remote access tools are extremely productive both personally and professionally, so if you’re using them, here are some tips for reducing your exposure to these aggressive attackers:
- Turn off remote access systems that aren't absolutely necessary
- Increase password length to at least 15 characters or more to make brute force attacks too time consuming (explained in detail here: http://goo.gl/vHyhFX)
- Turn on Intrusion Detection and 2-Factor authentication when available
- Use non-standard port settings to bypass known defaults
- Use antivirus that has a live protection service to stay protected from new threats
- Don’t ignore systems that have noticeably slowed down; this is often an indication of infection
- For high security situations, consider replacing remote access with a VPN (Virtual Private Network)
Businesses should rely on their IT departments or IT vendors to makes sure these technical issues have been reviewed.
If you’re a home user looking for additional tips, here are 10 tips for fighting hackers at home at: http://datadr.com/r/10tips
About the author
Posted by Ken Colburn of Data Doctors on October 20, 2014