
Highlighting the most significant cyber-security news of the past week in just 120 secs.

Ready, set, go!

PoS Breaches

Hilton Worldwide is investigating a possible Point-of-Sale (PoS) breach that occurred between April 21, 2015 and July 27, 2015. The compromised data appears to be credit cards that were used at Hilton's point-of-sale registers in restaurants, gift shops and coffee shops.

 http://krebsonsecurity.com/2015/09/banks-card-breach-at-hilton-hotel-properties/

Why is this significant?

  1. It is still unclear how many Hilton properties were affected, but they do include Embassy Suites, Doubletree, Hampton Inn and Suites, and the upscale Waldorf Astoria Hotels & Resorts. Several sources reported to Brian Krebs of KrebsOnSecurity that this case might have a longer history dating back to November 2014.
  2. The data breach appears to have gone on for a little more than three months. On top of that, Hilton did not detect the issue itself: it took alerts from five different banks to realize that possible exfiltration was occurring.
  3. These systems had to be under PCI compliance, so either they were not compliant or the affected properties (where the breach had in fact occurred) need to demonstrate compliance. The latter case is interesting, since compliance does not equate to security. While PCI attempts to increase security measures, this might be one more case indicative of the compliance-security gap.
  4. With PoS attacks in particular, once the systems are compromised they are taken offline, directly impacting the revenue of the location they operate in.

 

The Trump Hotel Collection has issued a statement about a possible PoS breach that took place between May 19, 2014, and June 2, 2015. The forensics team is actively investigating the data that was breached, but it looks to be "Payment card data - including payment card account number, card expiration date, security code, and cardholder name" within 7 of Trump's hotels.

http://www.bankinfosecurity.com/trump-hotels-confirms-pos-malware-breach-a-8555

Why is this significant?

  1. Just a few days earlier, KrebsOnSecurity reported the investigation of the Hilton Worldwide PoS breach (see previous news item).
  2. Trump is already setting aside the associated costs of the breach and offering a prepaid one-year subscription to an identity theft monitoring service to customers who used a payment card at the relevant properties from May 19, 2014 to June 2, 2015. Unfortunately, not all identity monitoring services are useful for actively preventing theft. See Brian Krebs's great breakdown of the effectiveness of these services: http://krebsonsecurity.com/2014/03/are-credit-monitoring-services-worth-it/

  3. Although it is too early in the investigation to report, there is speculation that the malware used could be "Punkey", a hard-to-detect memory-scraping malware that the FBI warned about back on May 27.
    * enSilo's customers are protected from Punkey.

 

ABA Survey Says

The American Bar Association (ABA) conducted a survey between January and May 2015 on cyber-security awareness, preparedness and responsiveness within law firms, with 880 responses.

http://www.legaltechnews.com/id=1202737940446/Law-Firms-Face-Security-Incidents-Even-as-Tech-Budgets-Increase

Why is this significant?

    1. Firms infected with virus/spyware/malware consisting of  & sole practitioners were: 
      • Firms with 10-49 attorneys ranked highest in 2015 (52%)
      • Solo practitioners (44%)
      • Firms with 2-9 attorneys (43%)
    2. Impact of business disruption:
      • 56.5% no significant business disruption (Surprising. Maybe they should add ransomware to the survey?)
      • 37.5% downtime/loss of billable hours (Lawyers charge different rates, but none are cheap. That's a significant amount of money.)
      • 36.3% paid for repair consulting fees
      • 26.8% temporary loss of network
    3. Cyber-security in law firms: 20% of respondents had an overall full security assessment, and 3/4 of respondents from the biggest firms did not know whether a full security assessment had been done. Apparently, the increase in clients questioning the security audit or security verification of law firms is close to 40% at the biggest firms. Only 10% of sole practitioners carry cyber-security liability insurance, and 20% of solo practitioners did not know if they had cyber liability insurance.

Cyber-criminals caught

Authorities have arrested two suspects accused of writing the CoinVault ransomware. CoinVault, first discovered in November 2014, is ransomware that locked tens of thousands of users out of their documents, media files (audio, video and images), databases or archives (values of significance). It seems as though the duo targeted Western European countries and the U.S., whose users they thought had enough money to pay the ransoms requested in bitcoins.

http://news.softpedia.com/news/coinvault-ransomware-authors-arrested-by-authorities-in-holland-492024.shtml

Why is this significant?

1. This story gives a good indication of the financial motivation behind ransomware. According to the report, CoinVault infected about 1500 machines and the ransom was initially set at 0.5 bitcoins, roughly $120. The ransom fee typically increased if it was not paid on time. Taking that initial fee as the floor revenue, this group of ransomware authors has purportedly made about $180K with their malicious software.

 * enSilo's customers are protected from CoinVault

 
