SecurityWeek

Hacker Holiday Havoc

It’s that time of year again…when consumers, retailers and manufacturers need to understand and be alert to the latest cyber attacks that threaten to dampen the spirit and excitement of the holidays. This year we’re seeing two twists on some tried and true tactics that are cause for concern among the online gaming industry and retailers.

Gaming industry and DDoS

The use of botnets made up of compromised IoT devices (cameras, DVRs, routers or other internet-connected hardware) is not a new development. But the attacks involving the recently discovered Mirai malware, which targeted Krebs on Security, the French Internet Service Provider OVH, DynDNS and a mobile telecommunications provider in Liberia, have been some of the largest distributed denial of service (DDoS) attacks measured to date.

These attacks highlight the inherent vulnerability of basing network infrastructure around centralized DNS providers and the potential power of large IoT botnets to enable low capability actors to launch high impact attacks. Mirai spreads by scanning for IoT devices operating Telnet – a network protocol that allows a user on one computer to log onto another computer that is part of the same network – and then uses the default credentials in an attempt to brute-force access to the device.

The attacks on DynDNS caused major disruption and prevented users based in the U.S. from accessing a large number of high profile online services hosted on DynDNS infrastructure. These included major news websites, payment platforms, online games and video on demand (VOD) services.

The gaming industry has been targeted by DDoS attacks in the past. For example, the hacker group dubbed “Lizard Squad” brought down Xbox Live and PlayStation Network (PSN) in December 2014. With the holidays approaching, gaming sites worldwide need to be on the alert for similar attacks and mitigate vulnerabilities, or risk having users unable to access their services. Here are a few tips for how the gaming industry can protect itself and its customers:

• Change access credentials for devices and implement complex passwords.

• Evaluate your dependence on DNS, specifically for your most critical domains, and investigate the use of multiple DNS providers.

• Develop a DDoS process and review monitoring capabilities; to minimize downtime it is important to quickly identify the attack, characterize the attack traffic and take the appropriate action.

• Consider disabling all remote access to devices and perform administrative tasks internally – instead of Telnet, FTP and HTTP, use SSH, SFTP and HTTPS.
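One way to act on the DNS-dependence tip above, as an added example that is not part of this column: a Python check that groups a domain's authoritative name servers by operator and flags domains whose entire NS set sits with a single provider. The NS records and provider names are constructed, and the public-suffix list is a deliberately small stand-in.

```python
# Added example (not from the SecurityWeek column): audit whether a domain's
# authoritative name servers are spread across more than one DNS provider.
# The NS records below are constructed sample data; in practice you would
# feed in the output of `dig NS example.com` or a dnspython query.
from collections import defaultdict

# Small stand-in set of multi-label public suffixes so "ns1.provider.co.uk"
# is grouped by "provider.co.uk" rather than "co.uk". Extend as needed.
MULTI_LABEL_SUFFIXES = {"co.uk", "com.au", "co.jp", "net.au"}

def provider_of(ns_host: str) -> str:
    """Reduce an NS hostname to the registrable domain that identifies its operator."""
    labels = ns_host.rstrip(".").lower().split(".")
    if len(labels) >= 3 and ".".join(labels[-2:]) in MULTI_LABEL_SUFFIXES:
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])

def dns_dependency_report(ns_records: dict) -> dict:
    """For each domain, list the DNS providers behind its NS set and flag
    single-provider domains, which go dark if that provider is knocked offline."""
    report = {}
    for domain, ns_hosts in ns_records.items():
        by_provider = defaultdict(list)
        for host in ns_hosts:
            by_provider[provider_of(host)].append(host)
        report[domain] = {
            "providers": sorted(by_provider),
            "single_provider": len(by_provider) == 1,
        }
    return report

# Constructed sample: one critical domain on a single provider, one split across two.
SAMPLE_NS = {
    "shop.example": ["ns1.dnsprovider-a.example", "ns2.dnsprovider-a.example"],
    "game.example": ["ns1.dnsprovider-a.example", "ns1.dnsprovider-b.example"],
}

if __name__ == "__main__":
    for domain, info in dns_dependency_report(SAMPLE_NS).items():
        flag = "SINGLE PROVIDER - add a secondary" if info["single_provider"] else "ok"
        print(f"{domain}: {info['providers']} -> {flag}")
```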

FastPOS malware aimed at retailers

Point-of-Sale (POS) malware is also nothing new. The largest breaches in retail history have been as a result of this type of malware. POS threats follow a common process – collecting, storing and sporadically exfiltrating data. Antivirus could potentially detect the physical file on the infected device, giving retailers the opportunity to mitigate damage from these attacks.

However, a new POS malware variant emerging this busy retail period is different. Rather than storing stolen card data for later extraction, FastPOS malware captures credit card data and exfiltrates it directly to its command and control (C&C) servers. The latest update to this malware is harder for antivirus to detect in part because it eliminates the use of a physical file to store the stolen data. Not only is expedited exfiltration harder to detect, but it also accelerates the potential for profit since the stolen data can be used or sold almost immediately.

POS malware is clearly under active development. To prevent and mitigate damage from such attacks, retailers can:

• Conduct audits, penetration testing, assessments and red teaming exercises to understand your risk posture and attack surface.

• Consider POS systems and networks as vital extensions of your enterprise environments; the technology that is used to protect the enterprise should be leveraged on POS systems and networks where possible and, if not possible, comparable alternatives should be sought out.

• Adopt technologies that are becoming more commonplace, such as chip and PIN.

• Share intelligence with peers, for example in the form of an ISAC, for the betterment of the industry.
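The FastPOS behaviour described above, exfiltrating card data directly rather than staging it in a file, means the durable evidence is on the network rather than on disk. As an added example that is not from this column or any vendor, here is a Python egress check over constructed firewall log lines that flags POS-segment hosts connecting to destinations outside a small allowlist; the subnet, the allowlist and the log format are assumptions.

```python
# Added example (not part of the SecurityWeek column): egress monitoring for a
# point-of-sale segment. Malware like FastPOS sends card data to its C&C as soon
# as it is captured instead of staging it on disk, so the detectable artefact is
# network traffic, not a file. Addresses and the log format are constructed.
import ipaddress
import re
from collections import Counter

POS_SEGMENT = ipaddress.ip_network("10.20.0.0/24")  # assumed POS VLAN
# Destinations a terminal legitimately needs; anything else is suspicious.
EGRESS_ALLOWLIST = {
    ipaddress.ip_network("203.0.113.0/24"),  # assumed payment processor range
    ipaddress.ip_network("10.0.0.0/8"),      # internal management hosts
}
# Constructed firewall log shape: "<ts> ALLOW <src>:<sport> -> <dst>:<dport> <proto>"
LOG_RE = re.compile(r"^(\S+) ALLOW (\S+):(\d+) -> (\S+):(\d+) (\w+)$")

def is_allowed_destination(dst: str) -> bool:
    ip = ipaddress.ip_address(dst)
    return any(ip in net for net in EGRESS_ALLOWLIST)

def find_suspicious_egress(log_lines):
    """Return (ts, src, dst, dport) hits for POS hosts reaching non-allowlisted
    destinations, plus a per-source count to surface repeated beacons."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line.strip())
        if not m:
            continue  # unparsable line; a real pipeline would count these too
        ts, src, _sport, dst, dport, _proto = m.groups()
        if ipaddress.ip_address(src) in POS_SEGMENT and not is_allowed_destination(dst):
            hits.append((ts, src, dst, int(dport)))
    per_source = Counter(src for _, src, _, _ in hits)
    return hits, per_source

# Constructed sample: the terminal talks to the processor and an internal host
# (fine), and repeatedly posts to an unknown external host on 443 (flagged).
SAMPLE_LOG = """\
2016-11-28T10:01:02 ALLOW 10.20.0.15:50123 -> 203.0.113.10:443 TCP
2016-11-28T10:01:09 ALLOW 10.20.0.15:50124 -> 198.51.100.77:443 TCP
2016-11-28T10:01:41 ALLOW 10.20.0.15:50125 -> 198.51.100.77:443 TCP
2016-11-28T10:02:03 ALLOW 10.20.0.15:50126 -> 10.0.5.2:22 TCP
2016-11-28T10:02:15 ALLOW 10.20.0.15:50127 -> 198.51.100.77:443 TCP
""".splitlines()

if __name__ == "__main__":
    hits, per_source = find_suspicious_egress(SAMPLE_LOG)
    for ts, src, dst, dport in hits:
        print(f"{ts} {src} -> {dst}:{dport} outside POS egress allowlist")
    print(dict(per_source))
```

In production the allowlist should be as tight as the processor's published ranges allow, and a single terminal beaconing to one unknown host every few seconds is the pattern worth alerting on, not just the first hit.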

Threat actors will continue to evolve their methods of attacks, improving upon previously successful methods to steal data and cause disruption, particularly during busy periods when the impact is magnified. By being aware of the latest tactics, techniques and procedures (TTPs), organizations can understand how to mitigate damage and thwart cyber criminals’ attempts to wreak havoc during the holidays.

Written By

Alastair Paterson is the CEO and co-founder of Harmonic Security, enabling companies to adopt Generative AI without risk to their sensitive data. Prior to this he co-founded and was CEO of the cyber security company Digital Shadows from its inception in 2011 until its acquisition by ReliaQuest/KKR for $160m in July 2022. Alastair led the company to become an international, industry-recognised leader in threat intelligence and digital risk protection.
