Franchises make lucrative hack targets

Powered by SC Magazine
 

Annual report

Cyber criminals are targeting franchises as larger organisations lock down data according to recent research.

The food-and-beverage industry was the most targeted sector, comprising of 44 percent of the 300 data breaches investigated by Trustwave.

The company's 2012 Global Security Report also rated that industry as the most targeted in 2010.

Food-and-beverage franchisees have similar networks that offer hackers a formulaic blueprint for fleecing a large number of victims.

"The attackers find their way in to one environment [and] realise it's a brand-name that has hundreds or thousands of other locations," Trustwave's SpiderLabs Nicholas Percoco said.

"They spend a lot of time doing research in that one environment, build custom tools and then start compromising as many [franchises] as they can in succession. They've don't have to invest a lot of time once they've learned about one environment."

He said the hackers "basically walked themselves" into victim organisations because of poor password use.

"They'll then go and basically brute force attack those systems and they are highly successful at that ...There's no alarms that went off, They just connected and logged in. Now they're in the environment, and you're not suspecting they're there and they're now implementing customised malware into these environments."

Trustwave ran the targeted malware samples they encountered against 25 of the most commonly used anti-virus and found that only 12 percent of flagged the code as malicious.

In total, 80 percent of the Trustwave probes involved incidents in which customer data was stolen, while about six percent of cases involved plundered trade secrets. Roughly 63 percent of the attacks sought to steal information in transit, while about 28 percent sought stored data.

Percoco said mega breaches seem to be a thing of the past, like when hackers stole 45.7 million credit card numbers from discount retail parent TJX. But intruders are still using similar methods to exfiltrate data.

"This would be analogous in the TJX case of someone going after all the individual stores, versus the corporate headquarters," he said.

This article originally appeared at scmagazineus.com

Copyright © SC Magazine, US edition


Franchises make lucrative hack targets
 
 
 
Top Stories
Qld Transport to replace core registration system
State's biggest citizen info repository set for overhaul.
 
Innovating in the sleepy super industry
There’s little incentive to be on the bleeding edge, so why is Andrew Todd fighting so hard?
 
How technology will unify Toll
The systems headache formed through 15 years of acquisitions.
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
Who do you trust most to protect your private data?







   |   View results
Your bank
  39%
 
Your insurance company
  3%
 
A technology company (Google, Facebook et al)
  7%
 
Your telco, ISP or utility
  8%
 
A retailer (Coles, Woolworths et al)
  2%
 
A Federal Government agency (ATO, Centrelink etc)
  20%
 
An Australian law enforcement agency (AFP, ASIO et al)
  15%
 
A State Government agency (Health dept, etc)
  5%
TOTAL VOTES: 884

Vote