http://www.bankinfosecurity.com/interviews/fs-isac-remote-access-attack-alert-i-2787
By Tracy Kitten
Bank Info Security
July 8, 2015
Remote-access attacks waged against smaller merchants are a growing
threat, according to a cybersecurity alert published July 7. The alert was
released by the Financial Services Information Sharing and Analysis
Center, along with Visa, the U.S. Secret Service and The Retail Cyber
Intelligence Sharing Center, which provides threat intelligence for
retailers.
While industry attention in late 2013 and early 2014 was focused on the
large-scale RAM-scraping malware attacks that resulted in breaches at
big-box retailers, including Target and Home Depot, more attention is now
being paid to remote-access attacks against point-of-sale devices commonly
used at smaller merchants, says Charles Bretz, director of payment risk at
the FS-ISAC. The organization provides a conduit for information sharing
among financial services institutions.
"We are seeing a shift in the breaches of card data," Bretz says in this
interview with Information Security Media Group. Now that many of the
larger retailers have implemented end-to-end encryption and tokenization,
in conjunction with their rollouts of EMV-compliant POS terminals, hackers
are turning their attention toward smaller retailers, he says.
"Criminals continue to find success by targeting smaller retailers that
use common IT and payments systems," Bretz explains. "Merchants in
industry verticals use managed service provider systems. There might be
100 merchants that use a managed service provider that provides IT and
payment services for their business."
[...]
--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/
