Entries tagged with “data theft”.

An ongoing attack into corporate America has been trying to infiltrate more than 100 mostly pharmaceutical and health care companies in one of the latest examples of cyber security breaches regarding financial data. This time, the goal is not to take money, but instead to take information. The objective is market-moving information about publicly-traded companies that can be used for a different kind of crime – insider trading.

Cyber security firm Fire Eye recently disclosed the operation, telling Reuters that the hackers were very specific in their method of attack: They targeted only people with access to inside information that could be used to make profitable trades before that information became publicly available.

While Fire Eye declined to disclose the identities of specific victims, the firm says victims include corporate advisors, investment bankers, attorneys, investor relations firms, and others that could have access to corporate information. Fire Eye acknowledges that information has been compromised, but the firm says it does not know whether any trades were made using that information. Fire Eye calls the group “FIN 4” because it ranks number 4 among the large, financially motivated groups that Fire Eye tracks. Fire Eye has already reported the group to the FBI, though the bureau is not commenting on FIN 4 for now.

FIN 4 doesn’t operate by infecting corporate computers with malware. Instead, its hackers steal e-mail account passwords. Using those compromised accounts, the hackers then send phishing e-mails to try to gain inside information. Fire Eye says that FIN 4 covers its tracks by using Tor, a service that masks the location of Internet users.

“They are going after the weakest link in the security chain, people,” Kevin Westin, a security analyst for threat detection firm Tripwire, told Top Tech News. “Given the targets and the data compromised you could call this white collar cybercrime because the goal appears to be industrial espionage.”

Strict password protocols are a must for thwarting hackers seeking inside information. Employees should be required to have different and distinct passwords for each web service they use from the company. Corporations should also consider two-factor authentication, which would require users to enter a second code provided by text message or on another device, such as an authentication device that changes passwords each time it is used. And employees should be trained on phishing tactics that could be used to procure sensitive business information. To learn more about how to make your business more secure, contact us.

As our society’s digital dependence increases, so does the average person’s credit card usage. More businesses are going paperless – leading to an increase in online payments. Also, in general, online purchases are more popular than in-store purchases. In fact, a 2013 survey by Ebates.com, involving 1,000 U.S. consumers, revealed that 84% preferred shopping online than in-store. In light of these trends, it’s even more necessary to be well-versed in safe credit card usage practices.

One easy preventive measure against fraudulent usage of your credit card, should it be physically stolen, is to opt for including a photo of yourself printed on your card. Many banks already offer this option, which makes it practically impossible for a thief to use your stolen card in physical stores. Keep in mind that this provides little protection against fraudulent online purchases.

When using your card online, check your computer for malware before inputting your card number. Often, malware, acquired via unsafe web surfing, install keyloggers which can record and transmit your credit card information as you type it.

Another method used to steal your credit card information is via phishing sites. Make sure to check the URL or address bar in your browser to make sure you aren’t on a phishing site. Phishing sites perfectly mimic the appearance and functionality of a legitimate site, like Amazon, to trick you into submitting your sensitive information.

The key to minimizing the risk of unauthorized use of your credit card is vigilance. If you approach each use of your card with caution, you’ll avoid most credit card stealing traps.Contact us to learn more about fraud prevention tips.

There have been a few famous cyber security breaches regarding financial data in the past year. Here is our next example of one that involved a financial security breach at a large department store.

Hackers broke into the credit card payment system of the department store early last year. The company’s security system apparently issued alerts sixty thousand times but even so, the hackers were able to move around inside the system for more than half a year, all while continually causing alerts every day they were there.

The problem, in this instance, was that the number of alerts that occurred in the system per day was so high that those that corresponded to the actual break-in were only a tiny percentage of the total according to employees at the company. According to some estimates, as many as three hundred and fifty thousand credit cards were exposed during the attack, and some nine thousand have been used by fraudsters since then.

According to some security experts, the main problem was that the point of sales network for the company had all of the registers connected to a central computer. Because of this centralized system, it was easy for hackers to continually add their software back onto registers every day.

The breach could have been prevented had the company more closely monitored the connections between the registers and the central computing system. Every section of the process has to be monitored and secured or a breach at any point could circumvent point of sale security, which is exactly what happened in this case.

For more information about keeping financial transactions secure against hackers, please contact us.

There have been a number of cyber breaches in the last year where financial data has been leaked to the public.  Some have been smaller companies but there have been a fair amount of larger corporations who have fallen victim also.  Here’s an example of a more recent cyber security breach that took place at a major retail store.

Last year a major retail store reported that up to 40 million credit card numbers had been stolen by hackers.  According to some, it was one of the biggest retail hacks in American history. The way the hackers gained access was by installing malware into the payment system the store was using. By doing this, it allowed hackers to gain credit card information for every single user from the over 1,500  stores where the information was stored. The way the hack worked is that the program would copy the credit card number of  consumers whenever they swiped their card to pay for their items.

The hackers were actually spotted by a few different security companies during this breach. This was a case where the security measures in place actually functioned, and the problem was the human element.

Apparently, the security program in place had the option to automatically delete malware being placed on the system, but the security team turned it off. According to some sources, the security team then failed to keep a firm enough grip on network security, which caused them to miss the multiple flags that went off.

The Symantec Endpoint Protection system that the company was using for antivirus even identified the threat well in advance.

The case with this retail store  just goes to show that a security system, no matter how advanced, is only as effective as the people using it.

For more information on cyber security, please contact us today.

Barnes and Noble has reported that PIN entry devices in dozens of its stores have been hacked.  According to the company, one device in each of 63 different stores  had been compromised. The company said that its website and purchase made on the Nook were not impacted by the breach.    Reports indicate that the stores involved in the compromise were located in California, Connecticut, Florida, Illinois, Massachusetts, New Jersey, New York, Pennsylvania and Rhode Island. B&N is working with banks to notify affected customers.    The company acted swiftly in disconnecting the devices in all of its more than 700 stores once the breach was discovered. Further, the company altered the process for using a card to a more secure method.  Rather than swiping the card, the consumer will now hand the cashier the card to be swiped, a process the company believes to be more secure.

There are two security issues at play here. The first is the question of physical security.  How many times have you walked into a grocery store, or any store for that matter, and used the PIN pad device without the assistance of the clerk?  While that certainly adds convenience, it can also introduce risk.  The following video demonstrates just how easy it can be to compromise a PIN pad machine.

As you can see, without the proper physical security, attaching a skimming device or tampering with the machine can take just a matter of seconds. If you are accepting cards it is vitally important to think about the physical security of the data, as well as the technical security.  If you use a mobile device, ensure that it is with you at all times.  If it is not with you, it should be locked in a secured location.  If you are using a Point of Sale solution or a PIN pad device, make sure that it is secured to the counter and that you can tell whether or not the device has been altered.  In the video above, the clerk noticed that machine had been tampered with and was able to prevent the theft of data.

The second issue at play here is the technical aspect of security.  This is of particular consequence, because thieves that are able to access full card data can make counterfeit cards and the volume of fraudulent transactions increases significantly.  To counter this, the PCI SSC has drafted a number of documents specifically aimed at protecting PIN pad devices.  You can find all of the PCI SSC security documents on the Library section of their website.

Security of transaction data is not an “online only” problem.  Thieves are able to extrapolate physical theft into credit card fraud.  That means the physical instruments that we use to accept credit card transactions must be afforded the same level of protection as the systems in which we store that data (e.g. databases or POS applications).