[INFOGRAPHIC] The Credit Card Criminal's Playbook: A Retail Data Breach Attack Chain


You have probably heard about some of the latest high-profile breaches in the retail space. Home Depot, eBay, and Target were massive targets for hackers recently. View this infographic to learn the process an attacker must go through in order to steal credit card information.

Published in: Technology

HOW TO STOP AN ATTACK

GOAL: Gain access to the merchant's system without raising alarms
  • PROACTIVE PREVENTION: Identify and mitigate known vulnerabilities to reduce the attack surface. Establish, maintain, and test strong password controls and two-factor authentication, even for 3rd party vendors.
  • SUSPICIOUS BEHAVIOR DETECTION: Know typical behavior for users so that anomalous behavior is immediately detected. Detect compromised credentials.

GOAL: Study environment and build custom malware to perfect method of collecting data without detection
  • ENDPOINT MONITORING: Flag new running executables for malware investigation. Detect out of ordinary software install.
  • SIEM: Detect simple indicators of compromise such as atypical disk utilization on POS systems.

GOAL: Harvest credit card data — full magnetic stripe data — through fully deployed malware
  • By this point, the merchant will not likely stop the breach until fraud begins to occur and is detected by external 3rd parties [law enforcement and card brands].

Steps 3 & 4 loop continuously until either the attacker stops collecting data or the merchant detects the breach.

GOAL: Send harvested data to attacker and delete records to avoid detection
  • EXIT TRAFFIC MONITORING: Egress traffic analysis tools can detect changes in data quantity exiting the network. BUT attackers often design malware to mirror frequency of routine data traffic to avoid detection.

Once data has been exfiltrated from the merchant's environment, internal security measures have failed and the merchant will likely rely heavily upon external entities to discover the breach.

GOAL: Sort card data to identify most valuable cards and sell to criminals in underground fraud forums
  • LAW ENFORCEMENT: Selling card information in underground carder forums must be caught by teams monitoring carder forums.
  • Credit card fraud is very rarely carried out by the same criminal[s] that initially executed the attack against the merchant.

GOAL: Manufacture fake cards to use for criminal operations or to sell to other criminals
  • FRAUD DETECTION: Consumers, banks and card brands detect suspicious spending activity from fake credit cards. Even after initial fraud is detected, it can take months to discover the Common Point of Purchase [CPP] and identify the compromised merchant.

This represents the most common attack chain for a retail breach, but it is by no means all inclusive or illustrative of any one company's breach.