Intelligent CISO Issue 9 - Page 64

CISOs must operate on the assumption that their organisation has a far bigger digital footprint than they realise. the Internet, directing employees or customers to what look like legitimate assets. From there cybercriminals can harvest credentials to gain access to corporate systems or capture personal information for monetary gain. Examples of these types of activities include the registration of domains that look similar to a brand’s domain (typo-squatting), driving traffic to phishing pages that look legitimate, placing fake mobile 64 apps in the app stores and creating fake social media accounts on the major social platforms. Millions of new digital assets appear on the Internet every day, making it extremely difficult for an organisation to monitor for brand infringement and impersonation. We also see new adversary tactics appear on a regular basis and, when successful, they are rapidly copied by other threat actors, giving organisations yet another threat vector to defend against. Case study – the credit-card skimming scheme Consider the recent breaches of Ticketmaster, British Airways and Newegg by the credit card-skimming groups known as Magecart. In the case of the Ticketmaster breach, RiskIQ discovered it wasn’t an isolated incident but a worldwide campaign that affected tens of thousands of e-commerce sites executed by hacking widely used third- party analytics trackers. The affected brands had no visibility into the code running on their website, so they were unaware and powerless to protect their customers, many of which had their data stolen directly from the site as they input their payment information. British Airways and Newegg were similarly vulnerable to web-based attacks. They were victimised by targeted attacks using unique skimmers that integrated with the victim’s payment system and blended with the infrastructure, staying there as long as possible. These attacks showed that they are not limited to specific geo- locations or specific industries – any organisation that processes payments online is a target. The elements of the British Airways attacks were all present in the attack on Newegg. However, when brands understand what they look like from the outside in, they can undertake measures to harden their attack surface and take down impersonating assets. Issue 09 |