Rail Europe. Apparently, cyberthieves placed credit card-skimming malware in the Rail Europe website between late November 2017 and mid-February 2018. Point-of-sale (POS) and retail systems have been targeted worldwide for the past several years. POS systems are a great place to clandestinely obtain good, clean credit card data which can be immediately used or sold for a high value on the dark web. All it takes is the right software and access through the perimeter to the financial network.
Rail Europe noted that credit card numbers and card verification codes were stolen. The cybercriminals also stole names, addresses, phone numbers, email addresses, and other personal information. Rail Europe declined to reveal the number of customers affected by the breach, but they did file a report with the office of the attorney general of California, which is, by California state law, only required when 500 or more California state residents’ unencrypted data is compromised.
At the point of the transaction, many of the cards use the EMV chip and, hence, are pretty resilient to fraud. But all these attackers want to do is to intercept the numbers so they can use them in transactions where the chip doesn’t come into play. This includes internet transactions, mail order, and telephone orders. And since the thieves intercepted the data as customers submitted it rather than accessing older data in a company database, all of the data they gathered was current and working.
Chili’s Restaurants. Between March and April of 2018, malware was used to steal payment card data from payment-related systems used for restaurant purchases at some of Chili’s restaurants. The breadth of the cybertheft was limited, as Chili’s does not collect personal information such as social security numbers, dates of birth, or federal or state ID numbers. Despite the limited scope of the breach, company shares for Brinker International, Chili’s parent company, dropped two percent within three days of announcing the attack. Adding insult to injury, Chili’s is a chain that has touted its innovative use of technology, such as incorporating tablets into restaurants for easy ordering.
In the case of Chili’s breach, malware is suspected of being installed and then siphoning the credit and debit card information back to the remote cyberthieves. This is part of the larger trend of increasing attacks impacting point-of-sale (POS) and retail systems around the world. Why? Because just about every retail business uses these systems to scan customer-selected items, total the sale, and process the credit card payments. The widespread use of POS systems makes them extremely attractive for cyberthieves. In order to play, all a cyberthief needs is the name and credit card number, which they can easily sell to the highest bidder on the dark web. New chip cards have attacked fraud at the checkout counter, but overall fraud is rising when associated with a “card not present” transaction, such as those for telephone orders and mail-order transactions.
The Chili’s cybertheft illustrates once again how inevitable it is that attackers will compromise and penetrate your networks. Credit card data is only briefly unencrypted in the POS device’s random access memory (RAM), but that small window is enough for malware, once it’s in the system, to detect and collect that data. Once it’s gathered, the data is sent to a separate server, where the cyberthieves can look through it at their leisure.
Canadian Broadcasting Corp (CBC) Data Breach. A privacy breach at Canadian Broadcasting Corp (CBC) may involve 23,675 employees and others per recent reports. The CBC noted in a May 16, 2018 news release that there had been a break-in at a CBC office that had resulted in the theft of equipment containing confidential information.
The Lessons Learned. These cyber attacks show that it is inevitable that attackers will get into your cloud deployments and on-premise networks. Rapidly evolving best practices to secure data suggest that in all of these cases both personal and financial data should have been secured using encryption. Encryption is the industry best practice of choice, whether on-premise, in mobile devices, or in the cloud.
CipherCloud’s cloud access security broker (CASB+) brings Zero Trust end-to-end encryption to help protect your cloud. End-to-end, or “edge,” encryption makes sure that all of your data is encrypted at the cloud edge, providing superior protection for data at any time within the lifecycle of use. This protects your data at rest, in motion (middleware, APIs, etc.) and in use. CipherCloud protects your data against all of the threats identified by the Cloud Security Alliance report on Cloud Computing Top Threats. This includes account hijacking, cloud threats, Java container-based attacks, insecure APIs, system vulnerabilities, malicious insiders, misconfigurations, administrative errors, advanced persistent threats and more.
If you encrypt all of your data using end-to-end Zero Trust encryption, then unauthorized access is of little to no consequence. Data which is encrypted and stolen is not considered breached, as it is completely unusable by the thieves. This is effectively a “safe harbor” that protects you against impact to your reputation. Under the toughest compliance regulations in the world, there is absolutely no need to notify customers if a cyberattacker or malicious insider gets hold of encrypted data.
All networks are eventually going to be infiltrated, whether by outside attackers or by malicious insiders. If your data is stored unencrypted at any point, it is at risk. There is a reason California law, and many other compliance regulations across the globe, specify that only breaches of unencrypted data need be reported; if encrypted data is stolen, it is useless to the attackers. Zero Trust encryption ensures that the data is encrypted and unreadable to unauthorized personnel the entire time it is within your network, a cloud provider, or a cloud-based SaaS software provider such as Salesforce, ServiceNow, and SuccessFactors.