Your IT staff works hard to secure all payment card systems and applications: locking down workstations, implementing firewalls, updating anti-virus software, and so on. But with limited time and resources, and all of the focus on protecting critical systems, have you inadvertently overlooked other, less obvious applications that are also connected to your internal network?
Cyber criminals continue to adopt more innovative methods to break into organizations and to avoid detection while doing so. Rather than attacking infrastructure they know is protected and routinely monitored, criminals may look for an alternate route in. If they can find a point of entry that has been neglected, they may be able to use the credentials or other data found there to access other systems.
In the initial stages of what has been termed a “pivot attack” (more commonly called lateral movement), hackers search an organization's systems, or third-party applications connected to them, for a gap, any gap, in security. Once they control a connected device or application, they use the information found on it, such as stored credentials, network shares, and trust relationships, to “pivot,” or move, to systems hosting more critical data.
Outdated technologies or legacy systems often leave organizations vulnerable in this way, but the cost and inconvenience of moving off a legacy system can make it hard to justify the upgrade. In August, we issued an Alert regarding a breach of the Micros Customer Support Portal that allowed hackers to steal login credentials that could potentially be used to access organizations' Micros Point of Sale systems. Fortunately, many organizations have partnered with a Value Added Reseller (VAR) to manage their Micros equipment and were not affected. However, it is still important to monitor your third-party relationships and remote service sessions, and to ensure that those vendors maintain secure configurations and install all critical patches in a timely manner.
If you manage your own environment, there can be a number of alternate points of entry that need protecting. Maintaining current network diagrams is an important first step, as this helps you identify potential weaknesses and understand how less-critical systems and applications may actually provide a path to your data. Each time a new connection is made or the firewall configuration is changed, follow a formal approval and testing process so that an accidental misconfiguration does not quietly open a new path in.
Additionally, logging, file integrity monitoring, and behavior analytics play a large role in detecting this type of attack. By reviewing logs daily and looking for anomalies, you can identify potential attacks before they do significant damage. For example, why would a user from Human Resources be remotely accessing a computer in Accounting at 4:00am? This may be an attacker using the HR employee's stolen login credentials to move to other systems in search of payment card data (or personal health information, Social Security numbers, etc.).
It only takes one vulnerability to expose sensitive information. Verify that your cardholder data environment is securely segmented from other networks and that the appropriate security controls are in place. And while you should focus your attention on locking all the doors (that is, critical systems) first, don't forget to check the windows before you go to sleep at night.
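The HR-user-at-4am scenario above is exactly the kind of rule a daily log review can automate. The following is an added example, not code from the original post or from any vendor product: it runs a few constructed remote-logon records through three checks (user department versus destination-host department, time of day, and any entry into the cardholder data environment) and returns an alert for each record that trips one. The log format, the user/host-to-department maps, the `svc-backup` allow-list and the business-hours window are all assumptions for illustration; in practice the records would come from your domain controller (for Windows, Security event 4624 with logon type 3 or 10) or VPN logs, and the maps from your asset inventory.

```python
"""Review remote logons for signs of lateral movement (added example).

All names, hosts, department mappings and log lines below are constructed
for illustration; map the fields to your own logon records and inventory.
"""
from dataclasses import dataclass
from datetime import datetime, time

# Constructed sample records: date time user source-host destination-host kind
SAMPLE_LOG = """\
2016-09-12 09:14:03 jsmith ws-hr-07 ws-hr-07 interactive
2016-09-12 09:16:40 jsmith ws-hr-07 fs-hr-01 remote
2016-09-13 04:02:11 jsmith ws-hr-07 ws-acct-12 remote
2016-09-13 04:05:58 jsmith ws-acct-12 pos-db-01 remote
2016-09-13 10:30:00 mlee ws-acct-03 fs-acct-01 remote
2016-09-13 23:45:00 svc-backup bk-01 fs-acct-01 remote
2016-09-14 11:00:00 unknownuser ws-hr-02 ws-acct-12 remote
"""

# Assumed inventory data: which department owns each account and host.
USER_DEPT = {"jsmith": "HR", "mlee": "Accounting", "svc-backup": "IT"}
HOST_DEPT = {"ws-hr-07": "HR", "fs-hr-01": "HR", "ws-hr-02": "HR",
             "ws-acct-12": "Accounting", "ws-acct-03": "Accounting",
             "fs-acct-01": "Accounting", "bk-01": "IT",
             "pos-db-01": "CDE"}          # CDE = cardholder data environment
# Accounts expected to reach other departments' hosts (assumed allow-list).
ALLOWED_CROSS_DEPT = {"svc-backup"}
BUSINESS_HOURS = (time(7, 0), time(19, 0))  # assumed Mon-Fri working window


@dataclass
class Alert:
    when: datetime
    user: str
    src: str
    dst: str
    reasons: tuple


def parse_line(line):
    """Split one constructed log record into typed fields."""
    date, clock, user, src, dst, kind = line.split()
    return datetime.fromisoformat(f"{date} {clock}"), user, src, dst, kind


def outside_hours(ts):
    """True on weekends or outside the assumed business-hours window."""
    start, end = BUSINESS_HOURS
    return ts.weekday() >= 5 or not (start <= ts.time() < end)


def review_logons(log_text):
    """Return one Alert per remote logon that looks like a pivot."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, user, src, dst, kind = parse_line(line)
        if kind != "remote":
            continue  # a console logon is not a move between machines
        reasons = []
        user_dept = USER_DEPT.get(user)
        dst_dept = HOST_DEPT.get(dst)
        if user_dept is None or dst_dept is None:
            # An account or host missing from inventory is itself a finding.
            reasons.append("unknown user or host")
        elif user_dept != dst_dept and user not in ALLOWED_CROSS_DEPT:
            reasons.append(f"{user_dept} user reached {dst_dept} host")
        if outside_hours(ts):
            reasons.append("outside business hours")
        if dst_dept == "CDE" and user_dept != "CDE":
            reasons.append("access into cardholder data environment")
        if reasons:
            alerts.append(Alert(ts, user, src, dst, tuple(reasons)))
    return alerts


if __name__ == "__main__":
    for a in review_logons(SAMPLE_LOG):
        print(a.when, a.user, f"{a.src} -> {a.dst}", "; ".join(a.reasons))
```

Run against the constructed records, the HR account's two 4am hops (into an Accounting workstation, then from that workstation into the POS database) are reported with every reason that applies, while the same account's daytime access to its own department's file server is silent. The backup service account is exempted from the cross-department check but still surfaces for its after-hours activity, and an account missing from the inventory map is reported rather than silently ignored, since an unreviewed account is a gap of the kind the post describes.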
Some additional guidance from our Security Advisor team below:
Henninger: Keep in mind that some of the largest breaches were caused by the simplest methods of access: Pringles cans, look-alike maintenance crew shirts, HVAC access…Oh My! Yes, lock your doors and windows, but make sure you also don’t forget about the simple things. Implementing thorough, detailed policies and procedures, and sticking to them can save your bacon!