Solar VPS Blog

How the Grinch Stole the Retail Industry’s Christmas… And Keeping the Grinch Out of Your Cloud Data

You have probably heard by now that the Grinch was busy this Christmas. A total of six major retailers, including Target and Neiman Marcus, were successfully infiltrated by malware, and massive amounts of user data were stolen. This trend is not just ominous for consumers. It highlights the sophistication of malware, the boldness of hackers, and the continuing threat to all businesses, especially SMBs. SMBs are more vulnerable to attacks not because they have more goodies for cybercriminals to grab (they usually have fewer) but because they often don’t have proper protections in place, and a single hack is more likely to drive them out of business.

How serious is the threat for businesses? PCWorld tells the story of an executive at a Chicago manufacturing company that barely escaped losing hundreds of thousands of dollars to the controllers of a piece of malware. A virus downloaded to the CFO’s computer used a standard phishing technique to steal from the business. When the CFO browsed to the company’s bank account, she was redirected to a fake but otherwise identical site owned by the hackers. A message told her to call customer service about a problem with the account. When the CFO called the number, she was asked a handful of “verification” questions. Moments later, $300,000 had been withdrawn by a third party. Luckily, the company responded swiftly, and the bank was able to retain the funds.

Despite the happy ending to the Chicago firm’s hack, many small-to-medium businesses do not fare as well. PCWorld cites statistics from the National Cyber Security Alliance that demonstrate how prevalent and damaging hacking is for SMBs:
  • 31% of companies breached in 2012 were small businesses.
  • 20% of the hacks were successful.
  • 60% of the companies successfully hacked were bankrupt within half a year.
Who was behind the attack? A teenager?

Web security company IntelCrawler (watch out for their super-creepy 404 error message page) investigated the incident, which according to Target impacted 70 million of its shoppers. Its findings revealed that BlackPOS, a pre-packaged and relatively unsophisticated piece of malware designed by a Russian teenager and purchased by the attackers, was used to infiltrate both Target’s and Neiman Marcus’s systems. Originally called KAPTOXA (Russian slang for potato) and responsible for all six additional retailer attacks, the software first appeared online in 2013 and has been used for breaches of retailers based in Australia, Canada, and the United States.

A report published in Slate revealed that the teenager, who used the screen name ree4, sold KAPTOXA (aka BlackPOS) to more than five dozen hackers, most of them based in Eastern Europe. It further clarifies that the attacks on Target and Neiman Marcus were launched separately: it now seems likely that the only link between them was the malware that was used. In fact, according to The New York Times, Neiman Marcus was breached in July but only became aware of the issue in December.

What was taken & why it happened

According to Wired, the Target hack began on Black Friday and collected information from the retailer’s point-of-sale (POS) devices. For over two weeks, it transmitted data from credit and debit cards belonging to over 40 million people to the owners of the malicious software. The hackers also received contact information for 70 million customers. All told, 11 GB of data were taken before the company was able to identify and block the intrusion. Avivah Litan, an analyst for Gartner, calls the incident “a big failure of the whole industry.” The retail giant, along with T.J. Maxx and several other retail stores and credit card processing companies, was the target of broadly destructive hacking in 2005.
However, according to the analysis in Wired, the security mechanisms in place at retail stores were not substantially improved following that widescale incident, an assertion expected to be used in class-action lawsuits against the “big-box” store.

Ensuring strong security

In a climate in which retailers are being successfully targeted by hackers, security has become a concern for all organizations. A nonprofit called the Cloud Security Alliance (CSA) was created in 2008 with the specific goal of educating the public and industry professionals about proper security precautions to keep users safe. The organization provides both information on sound security practices for web hosting and best practices for businesses to maintain and improve their systems. Similarly, Microsoft provides a security checklist, a list of considerations for organizations with regard to their own cloud systems, so that security is a top priority. Although the checklist is geared toward governmental agencies, its basic parameters are of use to businesses as well:
  • Privacy – Ideally a provider will encrypt your data, anonymize it, and lock down the locations from which it can be accessed remotely.
  • Integration – In the case of a hybrid solution, you can make use of integration with security tools you have in place for your other systems.
  • Certification – If you have specific compliance concerns, check with your provider to make sure they are certified to meet your needs. Develop a system of metrics so you can analyze and track your cloud hosting environment. Consider the process required of your users to enter and leave the system.
  • Access – Your system should have protections (of course) to guard against malicious intrusion. Specifically consider safeguards in place for your databases.
  • Software – How does your platform keep your code from becoming corrupt? How are people vetted for managerial positions in which they might have greater access to your code? How do they test or model for security threats?
  • Location – The country in which your provider is headquartered will affect the laws surrounding your data.
  • Rights – Are you the owner of the data on your systems? Do you want to encrypt it, and do you have encryption keys that you want to use? Do you have a backup of the data? What is the process for purging the backup?
Today, malicious IT attacks are a concern for any organization. In the case of SMBs, protection is especially critical, with 3 out of every 5 small business hacks resulting in bankruptcy. A cloud solution that uses strong security parameters, as established in Microsoft’s checklist, can safeguard companies from harm.