Subscribe Now

* You will receive the latest news and updates on the Canadian IT marketplace.

Trending News

Blog Post

Target, other retailers must be vigilant for RAM-scraping malware: Websense

Target, other retailers must be vigilant for RAM-scraping malware: Websense 

In December’s breach, attackers took advantage of a momentary decryption of data as it traveled between two systems, according to Jeff Debrosse, director at Websense Security Labs.

“In a nutshell, it’s a specific family of malware that looks for processes and reads the clear text data that the process has decrypted for a very short period of time,” said Debrosse.

Critics have asked why Target’s security was not enough to stop the attack. The problem, says Debrosse, is that most anti-malware and anti-virus software is designed to catch attacks that have already been documented. Target’s security was unable to detect that it had been breached simply because it had never seen that kind of malware before.

“Any half-decent AV can detect malware that happened in the past; it’s the unknown attacks that are the problematic ones,” said Debrosse. “That particular checkmark in the PCI DSS checklist…can give you a false sense of security, thinking the box has been checked. But the unknown malware continues to infect organizations.”

Last week, reports emerged that retailers and banks have been fighting over who bears the responsibility for protecting data. Retailers pointed the finger at banks, saying the Target breach could have been avoided if only the banks had moved to the chip and PIN system like the majority of western nations. Banks, meanwhile, fired back with the assertion that it is the responsibility of retailers to protect any and all data they collect from their customers.

Ultimately, says Debrosse, there are things both retailers and consumers can do to minimize the occurrence or impact of data theft.

“In a closed ecosystem – like point of sale (POS) systems – nothing should be running except exactly what was deployed to run. In this particular case, white listing is tremendously effective because anything new would be viewed as unauthorized,” said Debrosse. “Solutions such as data loss prevention would also be tremendously helpful. There should only be certain communication channels occurring internally between systems…and externally from, for example, Target servers to public servers on the Internet.”

Consumers, too, can alter their spending habits to minimize the collection of their data by retailers. Customers could opt to pay with cash and gift cards instead of debit or credit, or – if they feel uncomfortable carrying around large amounts of cash – they could mix and match their payment methods to minimize their exposure.

Debrosse says that consumers can also monitor their own credit reports to catch any problems as soon as they arise.

“Any time a retailer has been breached, they provide credit monitoring services, but I don’t just rely on the credit monitoring service,” he said. “I want to actually see the report, I don’t wait for someone to actually notify me that there’s something anomalous.”

Related posts