Franchises make lucrative hack targets

Powered by SC Magazine

Annual report

Cyber criminals are targeting franchises as larger organisations lock down data, according to recent research.

The food-and-beverage industry was the most targeted sector, comprising 44 percent of the 300 data breaches investigated by Trustwave.

The company's 2012 Global Security Report also rated that industry as the most targeted in 2010.

Food-and-beverage franchisees have similar networks that offer hackers a formulaic blueprint for fleecing a large number of victims.

"The attackers find their way in to one environment [and] realise it's a brand-name that has hundreds or thousands of other locations," Trustwave's SpiderLabs Nicholas Percoco said.

"They spend a lot of time doing research in that one environment, build custom tools and then start compromising as many [franchises] as they can in succession. They don't have to invest a lot of time once they've learned about one environment."

He said the hackers "basically walked themselves" into victim organisations because of poor password use.

"They'll then go and basically brute force attack those systems and they are highly successful at that ... There's no alarms that went off, they just connected and logged in. Now they're in the environment, and you're not suspecting they're there and they're now implementing customised malware into these environments."

Trustwave ran the targeted malware samples it encountered against 25 of the most commonly used anti-virus products and found that only 12 percent flagged the code as malicious.

In total, 80 percent of the Trustwave probes involved incidents in which customer data was stolen, while about six percent of cases involved plundered trade secrets. Roughly 63 percent of the attacks sought to steal information in transit, while about 28 percent sought stored data.

Percoco said mega breaches seem to be a thing of the past, like when hackers stole 45.7 million credit card numbers from discount retail parent TJX. But intruders are still using similar methods to exfiltrate data.

"This would be analogous in the TJX case of someone going after all the individual stores, versus the corporate headquarters," he said.

This article originally appeared at

Copyright © SC Magazine, US edition
