Even if you’re not one of the tens of millions of customers who have had their credit card data stolen and sold on the black market, you’ve almost certainly heard about the Target hack that occurred in late 2013. In that attack, over 40 million credit cards and the personal information of up to 70 million people were compromised.
More recently, Neiman Marcus publicly acknowledged that its network had been breached. According to Jim Finkle and Mark Hosenball at Reuters, it was revealed this week that at least three additional well-known US retailers have experienced similar, though smaller, breaches. These types of network infiltrations are alarming for consumers and enterprises alike, although there is a valuable lesson to be learned from them.
Although Target has not yet disclosed how the cyber criminals managed to obtain access to its network, an inside source who spoke to Reuters believes the attackers used a type of malware called a RAM scraper. RAM scraping, as described by Re/code’s Arik Hesseldahl, is an old attack technique; the malware is usually disguised as something innocuous and consequently may enter networks for all the usual reasons – unpatched security vulnerabilities in the system, unsecured endpoints, a mistakenly opened email attachment, etc.
Even though point-of-sale (POS) systems have extremely strict encryption requirements, there is one instant, lasting only a couple of milliseconds, where credit card information is decrypted so it can be processed and charged. That’s when the RAM scraping malware attacks, reading the data from memory while it is unencrypted. The malware is designed to recognize certain data, such as credit card numbers, and immediately save that information to a text file that grows with each new number acquired. According to Hesseldahl, when the attackers are satisfied with the size of that file, they simply “exfiltrate” it to themselves and head to the black market.
We said it when Adobe was hacked and we’ll say it again now: Hackers are far from lazy, and if you leave a door in your network security open even an inch, they will find it and they will sneak in. These prominent hacks serve as scary reminders of the growing danger of advanced persistent threats (APTs). We fully support the notion that one of the best defenses against APTs is a centrally managed remote access control solution, which can actually help prevent network breaches from occurring. A centrally managed VPN, for example, gives IT administrators the ability to monitor and control all communications within the corporate network, all the while ensuring that these communications are encrypted. Working in conjunction with other security elements such as intrusion prevention systems (IPSs), firewalls and other network and security components, centrally managed VPNs help enterprises safeguard their data and systems against hacks and reduce the risk of becoming a cyber criminal’s next Target.