
Hacker Holiday Havoc

It’s that time of year again…when consumers, retailers and manufacturers need to understand and be alert to the latest cyber attacks that threaten to dampen the spirit and excitement of the holidays. This year we’re seeing two twists on some tried and true tactics that are cause for concern among the online gaming industry and retailers.


Gaming industry and DDoS

The use of botnets comprised of compromised IoT devices (cameras, DVRs, routers or other internet-connected hardware) is not a new development. But the attacks involving the recently discovered Mirai malware, which targeted Krebs on Security, the French Internet Service Provider OVH, DynDNS and a mobile telecommunications provider in Liberia, have been some of the largest distributed denial of service (DDoS) attacks measured to date.

These attacks highlight the inherent vulnerability of basing network infrastructure around centralized DNS providers and the potential power of large IoT botnets to enable low capability actors to launch high impact attacks. Mirai spreads by scanning for IoT devices running Telnet – a network protocol that allows a user on one computer to log onto another computer over the network – and then tries factory-default credentials in an attempt to brute-force access to the device.

The attacks on DynDNS caused major disruption and prevented users based in the U.S. from accessing a large number of high profile online services hosted on DynDNS infrastructure. These included major news websites, payment platforms, online games and video on demand (VOD) services.

The gaming industry has been targeted by DDoS attacks in the past, for example when the hacker group dubbed “Lizard Squad” brought down Xbox Live and PlayStation Network (PSN) in December 2014. With the holidays approaching, gaming sites worldwide need to be on the alert for similar attacks and mitigate vulnerabilities or risk having users unable to access their services. Here are a few tips for how the gaming industry can protect itself and its customers:

• Change access credentials for devices and implement complex passwords.

• Evaluate your dependence on DNS, specifically for your most critical domains, and investigate the use of multiple DNS providers.

• Develop a DDoS process and review monitoring capabilities; to minimize downtime it is important to quickly identify the attack, characterize the attack traffic and take the appropriate action.

• Consider disabling all remote access to devices and perform administrative tasks internally – instead of Telnet, FTP and HTTP, use SSH, SFTP and HTTPS.
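The third tip above asks for monitoring that can quickly identify an attack. As an added illustration that is not part of the original article, the following Python script shows the kind of check a defender can run over device authentication logs to spot the credential-guessing behaviour described for Mirai: a burst of failed Telnet logins from one source, optionally followed by a success. The log format, daemon name (`telnetd`), threshold and window are assumptions for this example, and the log lines are constructed, not captured from any real device.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines in a syslog-like format assumed for this
# example: ISO timestamp, daemon, result, user name and source address.
SAMPLE_LOG = """\
2016-11-20T02:14:01Z telnetd[412]: login failed for user 'root' from 198.51.100.7
2016-11-20T02:14:02Z telnetd[412]: login failed for user 'admin' from 198.51.100.7
2016-11-20T02:14:03Z telnetd[412]: login failed for user 'root' from 198.51.100.7
2016-11-20T02:14:04Z telnetd[412]: login failed for user 'admin' from 198.51.100.7
2016-11-20T02:14:05Z telnetd[412]: login failed for user 'root' from 198.51.100.7
2016-11-20T02:14:06Z telnetd[412]: login succeeded for user 'root' from 198.51.100.7
2016-11-20T02:30:10Z telnetd[412]: login failed for user 'operator' from 203.0.113.9
2016-11-20T02:45:11Z telnetd[412]: login succeeded for user 'operator' from 203.0.113.9
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) telnetd\[\d+\]: login (?P<result>failed|succeeded) "
    r"for user '(?P<user>[^']*)' from (?P<src>\d+\.\d+\.\d+\.\d+)$"
)


def parse_line(line):
    """Parse one assumed-format log line into a dict, or None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return {"ts": ts, "result": m.group("result"),
            "user": m.group("user"), "src": m.group("src")}


def detect_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return one finding per source address that produced `threshold` failed
    logins inside `window`. Each finding records the user names tried and
    whether a successful login from the same source followed the burst, which
    is the case that needs immediate action (the device is likely compromised)."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    by_src = defaultdict(list)
    for e in events:
        by_src[e["src"]].append(e)

    findings = []
    for src, evs in by_src.items():
        evs.sort(key=lambda e: e["ts"])
        fails = [e for e in evs if e["result"] == "failed"]
        burst_end = None
        # Sliding window over failure timestamps: the i-th and (i+threshold-1)-th
        # failures lying within `window` of each other means a burst occurred.
        for i in range(len(fails)):
            j = i + threshold - 1
            if j < len(fails) and fails[j]["ts"] - fails[i]["ts"] <= window:
                burst_end = fails[j]["ts"]
                break
        if burst_end is None:
            continue
        success_after = any(e["result"] == "succeeded" and e["ts"] >= burst_end
                            for e in evs)
        findings.append({
            "src": src,
            "failures": len(fails),
            "users": sorted({e["user"] for e in fails}),
            "success_after_burst": success_after,
        })
    return findings


if __name__ == "__main__":
    for finding in detect_bruteforce(SAMPLE_LOG):
        print(finding)
```

In the constructed sample, 198.51.100.7 is flagged (five failures in five seconds, then a success), while the single failed login from 203.0.113.9 stays below the threshold. The same structure applies to SSH logs once Telnet is disabled as the fourth tip recommends; only the regular expression changes.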

FastPOS malware aimed at retailers

Point-of-Sale (POS) malware is also nothing new. The largest breaches in retail history have been as a result of this type of malware. POS threats follow a common process – collecting, storing and sporadically exfiltrating data. Antivirus could potentially detect the physical file on the infected device, giving retailers the opportunity to mitigate damage from these attacks.

However, a new POS malware variant emerging this busy retail period is different. Rather than storing stolen card data for later extraction, FastPOS malware captures credit card data and exfiltrates it directly to its command and control (C&C) servers. The latest update to this malware is harder for antivirus to detect in part because it eliminates the use of a physical file to store the stolen data. Not only is expedited exfiltration harder to detect, but it also accelerates the potential for profit since the stolen data can be used or sold almost immediately.

POS malware is clearly under active development. To prevent and mitigate damage from such attacks retailers can:

• Conduct audits, penetration testing, assessments and red teaming exercises to understand your risk posture and attack surface.

• Consider PoS systems and networks as vital extensions of your enterprise environments; the technology that is used to protect the enterprise should be leveraged on PoS systems and networks where possible and, if not possible, comparable alternates should be sought out.

• Adopt technologies that are becoming more commonplace, such as chip-and-PIN cards.

• Share intelligence with peers, for example in the form of an ISAC, for the betterment of the industry.
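Because FastPOS sends card data straight to its C&C servers instead of staging it in a file, the article notes that file-based antivirus has less to catch. One compensating control the second tip above points toward (applying enterprise-grade protection to PoS networks) is egress inspection: watching what leaves the PoS segment for card numbers headed somewhere other than the payment processor. The following Python script is an added example, not code from the article or from any vendor; it applies a Luhn check to digit sequences found in outbound payloads and alerts when validated card numbers go to a destination outside an allowlist. The destination allowlist, host names and flow records are constructed for the example, and the card numbers are publicly known test numbers, not real accounts.

```python
import re

# Payment destinations the PoS segment is expected to talk to.
# Constructed allowlist for this example.
ALLOWED_DST = {"payments.example-processor.test"}

# Candidate primary account numbers: 13 to 19 digits not adjacent to other digits.
PAN_RE = re.compile(r"(?<!\d)(\d{13,19})(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum used by payment card numbers: from the right, double every
    second digit, subtract 9 when the result exceeds 9, and require the sum to
    be a multiple of 10. Filters out most random digit strings."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str):
    """Return the digit sequences in `text` that pass the Luhn check."""
    return [c for c in PAN_RE.findall(text) if luhn_ok(c)]


def mask(pan: str) -> str:
    """Keep only the first six and last four digits so alerts themselves
    do not become a second copy of the card data."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def inspect_flows(flows):
    """Alert on any flow carrying Luhn-valid card numbers to a destination
    that is not an allowlisted payment endpoint."""
    alerts = []
    for f in flows:
        pans = find_pans(f["payload"])
        if pans and f["dst"] not in ALLOWED_DST:
            alerts.append({"src": f["src"], "dst": f["dst"],
                           "pans": [mask(p) for p in pans]})
    return alerts


# Constructed sample of reassembled outbound payloads from a PoS segment.
# 4111111111111111 and 5500000000000004 are public test numbers;
# 1234567890123456 is a 16-digit string that fails the Luhn check.
SAMPLE_FLOWS = [
    {"src": "pos-lane-03", "dst": "payments.example-processor.test",
     "payload": "auth pan=4111111111111111 amt=42.10"},
    {"src": "pos-lane-03", "dst": "203.0.113.44",
     "payload": "t=4111111111111111=2512101;5500000000000004=2601"},
    {"src": "pos-lane-07", "dst": "203.0.113.44",
     "payload": "heartbeat id=1234567890123456"},
]


if __name__ == "__main__":
    for alert in inspect_flows(SAMPLE_FLOWS):
        print(alert)
```

Only the second constructed flow produces an alert: the first goes to the allowlisted processor, and the third carries a 16-digit identifier that fails the Luhn check. In practice this check belongs on a network sensor or proxy at the PoS segment boundary, and encrypted exfiltration would defeat payload matching, which is why destination allowlisting (the `dst` check) does most of the work and should be enforced at the firewall as well as monitored.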

Threat actors will continue to evolve their methods of attacks, improving upon previously successful methods to steal data and cause disruption, particularly during busy periods when the impact is magnified. By being aware of the latest tactics, techniques and procedures (TTPs), organizations can understand how to mitigate damage and thwart cyber criminals’ attempts to wreak havoc during the holidays.
