BreachExchange mailing list archives
Why Christmas is a hacker's favorite season
From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 23 Oct 2013 01:01:19 -0600
http://www.bizjournals.com/baltimore/blog/cyberbizblog/2013/10/why-christmas-is-a-hackers-favorite.html?page=all It may only be October and Halloween has yet to come, but people are already beginning their holiday shopping. Large retailers are already beginning their layaway programs and some have already begun displaying Christmas decorations. But some people — and not the kind that retailers like — have been doing their “shopping” since the beginning of the year. Jim Jaeger, vice president of cyber security services at General Dynamics Fidelis Cybersecurity Solutions in San Antonio, Texas, said hackers have already been prepping for the big holiday push. He said hackers, who typically are working on 12 projects at a time, tend to begin the hacking process as early as January or February prior to the holidays. The goal for most hackers is to be ready or in “production operation” by at least October. Production operation means a hacker has complete access to the information he is seeking. During this time of the year, as Jaeger discussed, retailers and credit card processors are typically the prime target for hackers. He told me about two hacks in recent years that his team worked on that were related to the holiday season. One of which was a breach on Massachusetts-based TJX Companies (NYSE: TJX) that his team was made aware of just days before Christmas. Jaeger said the hacker set up a sniffer to extract unencrypted credit card information that was coming back to retailers during a transaction. The hacker managed to get information from about 45,000 credit cards every three days. He said that along with breaches of this extent, hackers are using spear phishing to gain access to companies as well as people’s personal information. Spear phishing is a virus in the form of link attached in an email. During the holiday season, he said hackers tend to focus heavily on spear phishing. The belief is people are more prone to let their guard down knowing that they could be expecting a delivery from say UPS. The process would go like this: A hacker would send an email tailor-made for someone saying a package is on the way and click said link for more details. When and if the person clicks, the hacker has access to the information on that computer. He stressed caution, especially during this season, for people to pay attention to what’s going on. The big caution is don’t open any email or click a link in one unless you’re absolutely sure where it came from. And as for making transactions, try to use cash more often but don’t worry too much about using your credit card. He said companies have things in place to reimburse people if their information is hacked and used.
_______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss For inquiries regarding use or licensing of data, e-mail sales () riskbasedsecurity com Supporters: # OWASP http://www.appsecusa.org # Builders, Breakers and Defenders # Time Square, NYC 20-21 Nov o()xxxx[{::::::::::::::::::::::::::::::::::::::::> Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security offers security intelligence, risk management services and customized security solutions. The YourCISO portal gives decision makers access to tools for evaluating their security posture and prioritizing risk mitigation strategies. Cyber Risk Analytics offers actionable threat information and breach analysis.
Current thread:
- Why Christmas is a hacker's favorite season Audrey McNeil (Oct 24)