FS-ISAC: Remote-Access Attack Alert

[InfoSec News <alerts () infosecnews org>]

http://www.bankinfosecurity.com/interviews/fs-isac-remote-access-attack-alert-i-2787

By Tracy Kitten
Bank Info Security
July 8, 2015

Remote-access attacks waged against smaller merchants are a growing 
threat, according to a cybersecurity alert published July 7. The alert was 
released by the Financial Services Information Sharing and Analysis 
Center, along with Visa, the U.S. Secret Service and The Retail Cyber 
Intelligence Sharing Center, which provides threat intelligence for 
retailers.

While industry attention in late 2013 and early 2014 was focused on the 
large-scale RAM-scraping malware attacks that resulted in breaches at 
big-box retailers, including Target and Home Depot, more attention is now 
being paid to remote-access attacks against point-of-sale devices commonly 
used at smaller merchants, says Charles Bretz, director of payment risk at 
the FS-ISAC. The organization provides a conduit for information sharing 
among financial services institutions.

"We are seeing a shift in the breaches of card data," Bretz says in this 
interview with Information Security Media Group. Now that many of the 
larger retailers have implemented end-to-end encryption and tokenization, 
in conjunction with their rollouts of EMV-compliant POS terminals, hackers 
are turning their attention toward smaller retailers, he says.

"Criminals continue to find success by targeting smaller retailers that 
use common IT and payments systems," Bretz explains. "Merchants in 
industry verticals use managed service provider systems. There might be 
100 merchants that use a managed service provider that provides IT and 
payment services for their business."

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/