DHS Report Researcher: Retailers at RiskMalware Attacks Take Aim at Payments, Critical Infrastructure
Cyberintelligence firm iSight Partners worked with the DHS, along with the Financial Services Information Sharing and Analysis Center, the U.S. Secret Service and others, to develop this report, which was released to retailers in mid-January, Jones says in an exclusive interview with BankInfoSecurity.
"ISight Partners, in working with the U.S. government, determined that there was some new malware potentially compromising retail systems," Jones says. "The purpose of this report was to notify retailers and raise the level of awareness for these risks."
Point-of-sale malware attacks are nothing new, Jones says. The difference now is the scale of the attacks and "the overall attack method and operation to covertly control network controls," she adds.
The attacks that are taking aim at payments today have the ability to infiltrate systems and steal card data as well as personally identifiable information without detection, Jones says. And a variety of malware strains are attacking the country's critical infrastructure, she says.
"We shouldn't get so hung up on the actual type of malware but on the type of behaviors and the activities of the attack," Jones says. "Retailers should focus in on some of the anomalous behavior."
Jones advises retailers to focus on securing their networks, like any other financial services player. "They need to think about having a good understanding of not only their key assets, but they need to understand the vulnerabilities in their environment and then understand what their risk tolerance is," Jones says. "Based on the risk they can tolerate, they should take their resources to construct the most effective information security programs to address those risks."
Breaches Raise Awareness
Recent high-profile retail breaches, such as those suffered by Target Corp. and Neiman Marcus have garnered industry attention. But Jones points out that sophisticated malware attacks, like the KAPTOXA POS attack that has been linked to Target's compromise, have been around for a number of years.
"ISight began to report on POS malware attacks actively in early 2013," Jones says. "But even before 2013, we saw malware trying to compromise systems."
During this interview, Jones discusses:
- Why attributing these attacks is futile;
- How attacks and targets continually change; and
- Why cross-industry defenses have become a necessity.
Jones, vice president and chief revenue officer of iSight Partners, is the former deputy chief of staff at the White House Office of Cyber Security and Critical Infrastructure Protection, where she served under the leadership of Richard Clarke. During her tenure at the White House, she also contributed to the development of the President's National Strategy to Secure Cyberspace. Before joining iSight, she spent more than a decade at Symantec, holding numerous senior-level roles.