Wintertime Data Raids

The holiday season has arrived, which of course means winter is once again upon us.  As each day bites colder, it brings to mind people in other times and places who have had to deal with truly frigid conditions, such as what the medieval Norsemen encountered when they sailed to Iceland.  A bitter winter is what awaited Hrafna-Flóki Vilgerðarson and his fellow settlers, though he eventually made Iceland his permanent home.  This figure serves as the loose inspiration for the character of Floki on History’s Vikings, which has recently resumed its fourth season.

A quirky shipbuilder, Floki is also a wild, chaotic zealot.  So, whether or not the character is the direct source for the name of a new strain of point-of-sale (POS) malware, FlokiBot, the name is fitting.  While online threats are always a significant concern, retail POS terminals can often go neglected when it comes to security.  As such, hackers can get creative and introduce new strains of existing malware platforms—in this case, a variant of the Zeus Trojan family that originated in 2009, resulting in FlokiBot.  What’s new this time is a unique type of memory scraping, whereby Floki can scan the POS system to look for data that matches the format of a credit card number, which it then sends to the cyber thief to use at their own discretion.

But that’s not all.  FlokiBot also possesses Distributed Denial of Service (DDoS) capabilities, using POS terminals as vectors.  Furthermore, it can route traffic through Tor-based command and control URLs (the .onion sites of the dark web) to cloak its activities from security companies.

What can retailers do to combat this?  Enterprise Tech elaborates on several strategies, in addition to the standard security review and PCI-DSS compliance.  Fortifying the machines running the POS software is recommended (restricting open ports and core applications), as is isolating them from the rest of the network.  Organizations should deploy anti-malware applications to detect potentially unknown strains, as well as keep watch over network traffic.

Customers must be vigilant too, of course.  Come holiday season, we should all operate under the assumption that our personal data might, or will, be compromised.  Hackers are only getting smarter, after all.  Consumer vigilance must keep pace.  This is especially true if Robert Liscouski, president of Implant Sciences Corp. and former official at the Department of Homeland Security, is correct when he says he believes “medical information and other PIN data will be prime targets for [ransomware] attacks.”

Ransomware: there’s another, even nastier threat organizations ought to watch for this season.  Some preventative measures here might be multifactor authentication, encryption of data at rest and in transit, and, again, isolating critical segments of the network.  Effort is key.  “Ransomware does not just show up one day and immediately cause problems,” says Andrew Plato, CEO of Anitian.  “You need more than just firewalls and anti-virus software. You must coordinate and unify those technologies into some form of security analytics platform.”

Unfortunately, new research from global security and compliance solutions provider Tripwire asserts that only 25 percent of organizations are adequately prepared to detect or respond to a data breach, due to a lack of resources, visibility and threat intelligence.  In fact, only 21 percent said their security teams could monitor and act on security tool statistics and alerts in real time.

Given these realities, consumers should be on guard during their holiday shopping.  Make sure you have alerts set up for all your banking cards and check your balances frequently, and you won’t be caught off guard by a Viking raid on your data.