Unless you've been combing the DBIR regularly since it was published in April, there's a good chance you missed a few things in it. Marc Spitler, co-author of the DBIR and senior risk analyst with Verizon, joined Dark Reading Radio yesterday and shared what may have been some of the lesser-noticed or less-publicized nuggets from the report.
Payment Card Hacking Has Evolved Dramatically
Debit and credit-card accounts have been a hot commodity since the big TJX and Heartland breaches in the early 2000s. But studying the evolution of just how cybercriminals have been stealing that information over the years highlights how their tactics have changed, while their hunger for these cards has not.
Verizon's Spitler points out that after TJX and Heartland and other big-name retail breaches at that time--mostly via packet-sniffing and pilfering databases--the bad guys shifted their targets to small- to mid-sized businesses, this time stealing lower volumes of card data via point-of-sale (POS) systems.
Then came the fourth quarter of 2013--Target's data breach--and the floodgates opened again for high-volume, multi-million dollar payment card theft, and from some big-name, big-box retailers. "These were not database hacks. They were going after the PoS sales environment, putting in malicious code to take payment card data when it was processed and exfiltrate it out," Spitler says.
"It's been a really interesting rollercoaster ride in terms of payment card breaches studied in our report," he says. "It's been interesting to see their tactics change … This isn't just a lone wolf. These are well-run organizations" stealing volumes of card data, he says.