The Ivanti Threat Thursday Update for October 5, 2017: When “POS” Means “Perfect Opportunity to Steal”

Greetings. This week, another high-profile breach via a point-of-sale (POS) system, a glimmer of hope in the fight against payment card fraud, and new stats and a dire prediction about cybersecurity in the UK. It’s also Week One of the 14th annual National Cyber Security Awareness Month in the U.S., and the fifth anniversary of European Cyber Security Month. Please share your opinions, reactions, suggestions, or celebratory wishes. Thanks in advance.

Another Week, Another POS Breach: Whole Foods Market

On the heels of the Sonic Drive-In POS system breach covered in last week’s Update, Whole Foods Market has suffered a similar attack.

  • Whole Foods disclosed that it had “received information regarding unauthorized access of payment card information used at certain venues such as taprooms and full table-service restaurants located within some stores.” When it learned of the breach, the company “obtained the help of a leading cyber security forensics firm, contacted law enforcement, and is taking appropriate measures to address the issue.”
  • The hacked locations “use a different point of sale system than the company’s primary store checkout systems,” which means those latter systems were not affected. Whole Foods added that Amazon.com systems are also separate and were also unaffected. (Amazon.com bought Whole Foods earlier this year.)
  • Gizmodo reported that a Whole Foods spokesperson said “about 117” venues were affected. However, that spokesperson “declined to specify when exactly the company learned that its point-of-sale systems had been compromised,” or to say if users of mobile payment services had reason for concern.

What We Say: Like Equifax and Sonic before it, Whole Foods is already being criticized publicly for not disclosing more information sooner about its breach. However, it’s quite possible that Whole Foods doesn’t yet know any more than it has disclosed. Comprehensive, accurate, and timely information about your extended IT infrastructure and its current security posture is essential to successful defense in depth, and to effective response to and remediation of successful attacks. (See “The Equifax Breach, Patch Management, and Your Cybersecurity” and “Three Components Required for a Complete IT Asset Management Solution (Part 2 of 4): Discovery.”)

Mastercard Rolls Out Early Warning System for Card Fraud

Mastercard says hackers can put stolen data up for sale on the dark web in as little as nine minutes. To gain ground on those data thieves, the company has introduced an Early Fraud Detection System.

  • As PYMNTS.com reported, the new system will deliver to Mastercard issuers “advance alerts about cards and accounts that are facing a higher risk of fraud due to involvement or exposure in an earlier data breach.” Triggers include “active criminal trading of account data, identification of cards being tested prior to being used for fraud, and account data that appears at-risk.”
  • The system uses “network insights, predictive capabilities and a combination of internal and external data sources to determine if a card or account is at risk.” It alerts issuers of at-risk cards and accounts, and provides a summary of the specific security issues and “a quantification of the level of risk.”
  • The goal of the new system is not to prevent hacker attacks, but to limit their effects. Mastercard believes it can give its card issuers “as much as a 6 to 18-month jump on data breaches ahead of more traditional methods.”

What We Say: Rapid discovery, identification, containment, eradication, and remediation of online threats and attacks are critical elements of comprehensive, effective cybersecurity strategies. Tools and processes that enable, ease, and speed discovery, collection, consolidation, reporting, and analysis of information about your environment can significantly improve your cybersecurity. (See “Three Components Required for a Complete IT Asset Management Solution (Part 1 of 4): Six Common Objectives” and “Reporting: The Sports Journalism of IT.”)

Agency Estimates 20 Cybersecurity Attacks Per Week in UK

The UK National Cyber Security Centre (NCSC) released its first annual report. The document seeks to quantify and categorize cybersecurity threats across the UK.

  • As SC Media UK reported, “some 1,131 attacks were reported in the UK last year,” or an average of more than 20 each calendar week. The NCSC classified 590 of these as “significant,” and noted that more than 30 required a “cross-government response.”
  • NCSC technical director Ian Levy said at a recent conference that a “category one cyber event was expected.” For comparison, Levy described the WannaCry outbreak as a “category two” event, and most of the events deemed “significant” by the NCSC as “category three.”

What We Say: The NCSC findings are likely conservative views of reality, as there is no guarantee that all attacks are reported to the agency. Those findings – and the prediction of its Technical Director – underscore the need for and importance of comprehensive, multi-layered cybersecurity strategies and practices. For maximum effectiveness and business value, these must include effective, frequently tested backup and restoration of critical data and resources, and rapid, thorough remediation of successful attacks. Because every enterprise is an actual or potential hacker target. (See “Infected by Ransomware—Now What?” and the webinar “Hacked!?! How Can I Fix This Fast?”)

Protect Your Enterprise, Today and Tomorrow, with Ivanti

Whatever cybersecurity solutions and processes you have in place, simply buying more in response to every new threat is not an effective strategy. Cybersecurity experts around the world agree that a few basic measures can provide a firm foundation for truly effective defense in depth. Ivanti can help you implement those measures, and more. Ivanti can help you patch your client and server systems faster and more consistently, fight and remediate malware attacks more effectively, and gain and maintain control of user applications, devices, and admin rights. We can even help you improve IT reporting and analytics, so you can discover, provide insights, and take actions that keep your enterprise more secure.

Explore our solutions online. Then, get in touch with Ivanti. Let us help you make your enterprise IT more secure, agile, and productive. (And keep reading, sharing, and commenting on our Patch Tuesday and Threat Thursday updates, please!)