Last week we introduced you to the first five of the security breaches identified by Verizon in their data breach report. Now we will take you through the remaining four, including which industries are affected and what you can do to protect yourself against them.
Industries affected: Public, information, utilities and manufacturing
Crimeware is Verizon's word to describe malware other than that intended for point-of-sale attacks or espionage. Like those attacks, organised crime is central to these, with the motives either directly or indirectly financial. Increasingly such breaches were sold as a service last year, such was there success.
The report outlines two noteworthy pieces of malware: Zeus (also Zbot) and Nitol. The former should be familiar to security experts, having existed for several years. Despite an FBI investigation and over a hundred arrests, this Trojan horse has mutated over several iterations and is still used worldwide to steal money from bank accounts.
Nitol, on the other hand, remains confined to Asia, granting the user backdoor access and causing infected systems to engage in DDoS attacks.
What to do: Zeus frequently exploits out of date web browsers, giving all the more reason to patch them. Verizon also advise users to disable Java when it is not being used. IT managers may wish to consider using two-factor authentication, which requires users to two pieces of information or equipment in order to access a system (such as a bank card and PIN code at a cash point).
Industries affected: Finance and retail
Card skimming, unlike point-of-sale attacks, involves the payment device being physically tampered with, mostly at cash points and petrol stations. Criminals can now buy sleek devices that clip into card readers to scan the magnetic strip, and even collect the data via a Bluetooth connection or SIM card, according to Verizon.
Three-quarters of the time third parties such as police or customers were responsible for detecting the fraud, and criminals using skimmers frequently came from Bulgaria (38% of the time), Romania (18%) or Armenia (18%).
What to do: Modern ATMs are designed to be resistant to tampering, but Verizon say vendors can use more basic methods such as stickers placed over doors to alert them to when something is wrong. For customers covering a PIN and checking to see if adjacent machines are consistent is advised.
Qualys is the leading provider of on demand IT security risk and compliance solutions - delivered as a service. Qualys solutions enable...
Absolute® Software specialises in technology and services for the management and security of mobile computers and smartphones.