Apparel retailer Forever 21 disclosed its findings on the data breach it reported last November 2017, revealing signs of point-of-sale (PoS) malware and unauthorized network access into affected PoS devices whose encryption technology were disabled. The PoS malware, Forever 21’s press release said, were designed to “search for payment card data.”
In its statement: “The malware searched only for track data read from a payment card as it was being routed through the POS device. In most instances, the malware only found track data that did not have cardholder name – only card number, expiration date, and internal verification code – but occasionally the cardholder name was found.”
Forever 21 has more than 800 stores in over 57 countries. The retailer noted that although stores outside the U.S. use different payment processing systems, they are still determining if these stores were also affected. Forever 21 said that the malware and ensuing breach did not affect payment cards used on their website.
PoS malware, as exemplified by the likes of AbaddonPOS, RawPOS, and MajikPOS, are often combined with other threats to maximize the data they can steal, such as backdoors and keyloggers. The stolen information can range from driver’s licenses, credentials and other personally identifiable information (PII).
Stolen payment data typically wind up being traded on the cybercriminal underground for up to US$700. The Chinese underground, for instance, offers related wares such as hardware skimmers that extract data from PoS devices and automated teller machines (ATMs).
Stolen PII can also be used as a springboard for other cyberattacks, as demonstrated by the Onliner spambot that used 711 million accounts—built up from previous data breaches—to distribute spam email. Cybercriminals have also used PoS malware to target other industries, from large international corporations to small and medium-sized businesses (SMBs).
Businesses stand to lose more than just revenue in data breaches. Losing customer trust and credibility is just as significant. For instance, the General Data Protection Regulation (GDPR) that will be implemented in May 2018 will fine businesses up to 20 million euros (US$24 million) for failing to protect customer data.
Here are some of the countermeasures that businesses can implement to mitigate these threats:
- Ensuring that all stores comply with the latest Payment Card Industry Data Security Standard (PCI-DSS)
- Implementing properly configured chip-and-PIN cards with end-to-end encryption (EMVs) that are more secure than magnetic stripe-based cards
- Properly securing other points of entry, such as remote desktops and endpoints
- Deploying application control/whitelisting and behavior monitoring, which detect and block unknown files and prevent anomalous modifications or routines from running
- Proactively monitoring the network for any red flags, such as suspicious data exfiltration
In its statement, Forever 21 said it is working with payment processors, PoS device providers, and third-party cyber forensics experts to improve its security posture. Forever 21 is also providing free credit monitoring services to customers who may be affected and advises customers to report fraud to the authorities.
Trend Micro Solutions
Trend Micro XGen™ security provides a cross-generational blend of threat defense techniques against a full range of threats for data centers, cloud environments, networks, and endpoints. It features high-fidelity machine learning to secure the gateway and endpoint data and applications, and protects physical, virtual, and cloud workloads. With capabilities like web/URL filtering, behavioral analysis, and custom sandboxing, XGen™ protects against today’s purpose-built threats that bypass traditional controls, exploit known, unknown, or undisclosed vulnerabilities, and either steal or encrypt personally-identifiable data. Smart, optimized, and connected, XGen™ powers Trend Micro’s suite of security solutions: Hybrid Cloud Security, User Protection, and Network Defense.
Like it? Add this infographic to your site:
1. Click on the box below. 2. Press Ctrl+A to select all. 3. Press Ctrl+C to copy. 4. Paste the code into your page (Ctrl+V).
Image will appear the same size as you see above.