[infographic] the credit card criminal's playbook: a retail data breach attack chain


Post on 13-Jun-2015







You have probably heard about some of the latest high-profile breaches in the retail space. Home Depot, eBay, and Target were massive targets for hackers recently. View this infographic to learn the process an attacker must go through in order to steal credit card information.


HOW TO STOP AN ATTACK

1. GOAL: Gain access to the merchant's system without raising alarms.
   PROACTIVE PREVENTION: Identify and mitigate known vulnerabilities to reduce the attack surface. Establish, maintain, and test strong password controls and two-factor authentication, even for 3rd party vendors.
   SUSPICIOUS BEHAVIOR DETECTION: Know typical behavior for users so that anomalous behavior is immediately detected. Detect compromised credentials.

2. GOAL: Study the environment and build custom malware to perfect the method of collecting data without detection.
   ENDPOINT MONITORING: Flag new running executables for malware investigation. Detect out-of-the-ordinary software installs.
   SIEM: Detect simple indicators of compromise such as atypical disk utilization on POS systems.

3. GOAL: Harvest credit card data (full magnetic stripe data) through fully deployed malware.
   By this point, the merchant will not likely stop the breach until fraud begins to occur and is detected by external 3rd parties [law enforcement and card brands].
   Steps 3 & 4 loop continuously until either the attacker stops collecting data or the merchant detects the breach.

4. GOAL: Send harvested data to the attacker and delete records to avoid detection.
   EXIT TRAFFIC MONITORING: Egress traffic analysis tools can detect changes in the quantity of data exiting the network. BUT attackers often design malware to mirror the frequency of routine data traffic to avoid detection.
   Once data has been exfiltrated from the merchant's environment, internal security measures have failed and the merchant will likely rely heavily upon external entities to discover the breach.

5. GOAL: Sort card data to identify the most valuable cards and sell them to criminals in underground fraud forums.
   LAW ENFORCEMENT: Selling card information in underground carder forums must be caught by teams monitoring carder forums.
   Credit card fraud is very rarely carried out by the same criminal[s] that initially executed the attack against the merchant.

6. GOAL: Manufacture fake cards to use for criminal operations or to sell to other criminals.
   FRAUD DETECTION: Consumers, banks and card brands detect suspicious spending activity from fake credit cards. Even after initial fraud is detected, it can take months to discover the Common Point of Purchase [CPP] and identify the compromised merchant.

This represents the most common attack chain for a retail breach, but it is by no means all-inclusive or illustrative of any one company's breach.

RAPID
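As an added illustration of the step 4 defense and its caveat (example code written for this page, not part of the infographic or its author's material): a volume-baseline check over constructed daily egress summaries catches a one-off bulk upload, but misses a low-and-slow transfer that mirrors routine volume, while a check for destinations never seen during the baseline catches both. The host names, IP and byte counts are constructed sample data.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample egress flow summaries (not real traffic): (day, destination, bytes_out).
ROUTINE_PAYMENT = [40_000_000, 41_000_000, 39_500_000, 40_500_000,
                   40_000_000, 39_000_000, 41_500_000]
FLOWS = []
for day, nbytes in enumerate(ROUTINE_PAYMENT, start=1):          # days 1-7: routine baseline
    FLOWS += [(day, "payment-gw.example", nbytes), (day, "backup.example", 60_000_000)]
FLOWS += [(8, "payment-gw.example", 40_000_000), (8, "backup.example", 60_000_000),
          (8, "203.0.113.5", 25_000_000)]                        # day 8: one bulk upload to a new host
for day in range(9, 15):                                         # days 9-14: low-and-slow to the same host
    FLOWS += [(day, "payment-gw.example", 40_000_000), (day, "backup.example", 60_000_000),
              (day, "203.0.113.5", 500_000)]
BASELINE_DAYS = range(1, 8)


def daily_egress(flows):
    """Total bytes leaving the network per day."""
    totals = defaultdict(int)
    for day, _dest, nbytes in flows:
        totals[day] += nbytes
    return dict(totals)


def volume_anomalies(flows, baseline_days, z_threshold=3.0):
    """Days outside the baseline whose total egress deviates more than z_threshold sigma
    from the baseline mean. This is the 'change in data quantity' check."""
    totals = daily_egress(flows)
    base = [totals[d] for d in baseline_days]
    mu, sigma = mean(base), pstdev(base)
    return [d for d in sorted(totals)
            if d not in baseline_days and abs(totals[d] - mu) > z_threshold * sigma]


def new_destinations(flows, baseline_days):
    """(day, destination) pairs where data leaves to a host never seen during the baseline.
    Unlike the volume check, this still fires when the transfer mirrors routine volume."""
    known = {dest for day, dest, _ in flows if day in baseline_days}
    return sorted({(day, dest) for day, dest, _ in flows
                   if day not in baseline_days and dest not in known})


if __name__ == "__main__":
    print("volume anomalies:", volume_anomalies(FLOWS, BASELINE_DAYS))      # [8] only
    print("new destinations:", new_destinations(FLOWS, BASELINE_DAYS))      # days 8 through 14
```

The volume check flags only day 8; days 9 through 14 stay within three standard deviations of the baseline and are caught only by the destination check.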
