Recent news of network security threats ranges from the very small to the very big, from local fast food franchises to the halls of Congress.
Point of Sale Breaches
Point of Sale systems constantly show up among news of breaches, because they often lack good security. In many cases the terminals have old software and don’t get updates, and often they’re installed without changing the default configuration, with default passwords or very weak ones.
Wendy’s recently suffered a breach that affected close to 300 PoS systems. It was first reported in January 2016, and it took until early April to stop all leaking of credit card information.
The attack exploited a PoS system used in some franchised locations; none of the company-owned locations used this system, and the breach didn’t affect any of them. A Wendy’s spokesman noted that dealing with franchises added to the investigation’s complexity. It’s common for franchised operations to have Point of Sale security problems, since local managers have less access to IT expertise than a centralized operation. They need to recognize the need for competent IT services, and central offices can help by making them available. Discouraging use of the devices for other purposes can also reduce the chances of an attack.
Software to attack PoS devices is impressively sophisticated. There are whole malware suites that work together to open back-door access to the devices, grab screen images, and even “upgrade” the invasive software, presumably to get around antivirus protection. The lesson from this is that removing just one component doesn’t necessarily mean that the problem has gone away. If the loader remains, it can re-infect the device. It’s important to keep antivirus software up to date in order to make sure threats won’t recur, and to use a firewall to minimize the available attack paths.
Any business that uses PoS devices needs to comply with PCI’s Data Security Standards. This takes some effort, but avoiding the consequences of stolen credit card data is well worth it.
Ransomware Attacks on Congress
At the other end of the spectrum in size, power, and responsibility, the House of Representatives has lately been the target of attempted ransomware attacks. “Ransomware” is malicious software that encrypts the files on a computer, making them useless till they’re decrypted again. The attacker demands a payment through an anonymous channel such as Bitcoin and then (hopefully) provides a decryption key after it receives payment. These attacks have been a growing threat this year, with successful attacks on hospitals making the news.
Attackers have sent mail to Congressional representatives or staff members through services such as Yahoo Mail and Gmail. The report is unclear on whether they’re doing this by sending links to malicious files, using attachments, or a combination of the two. Attacks have often appeared to come from known senders, suggesting that whoever originated the attacks got access to staffers’ address books and impersonated them.
The House Chief Administrative Officer (CAO) has put a temporary ban on using Yahoo Mail and perhaps other applications. The CAO declined to say whether any attacks were successful or how the government responded to the demands if they succeeded.
Protection against ransomware requires a multi-level approach. Spam filters can stop a lot of hostile mail from reaching inboxes. Antivirus software can prevent it from doing harm. Even with these safeguards in place, users need to be careful about email that they open and not click on links or open attachments that seem at all suspicious.
Whatever your business is, large or small, you need the most up-to-date tools to protect it from illegal activity. If you’d like to learn more about how to secure and protect your data, download our free Business Owner’s Guide to Data Protection & Security.