“Memory-Scraping” Malware Developed By Hackers To Steal PINs
More personal data records were breached last year than the previous four years combined, thanks to increased hacker activity rather than insider threats.
Verizon’s second annual Data Breach Investigations Report also found that the financial services sector accounted for 93 percent of all such record compromises during 2008. The study is based on an analysis of data involving 285 million compromised records from 90 confirmed breaches, 90 per cent of which are blamed on the activities of cybercriminals.
Because the survey is based on actual cases of confirmed data breaches, rather than responses to surveys or questionnaires, it provides a much more revealing insight into cybercrime trends.
Most of the breaches (74 per cent) investigated were caused by external sources, while 32 per cent were linked to business partners. Only one in five (20 per cent) were attributed to insiders, a finding that runs against conventional wisdom in security circles. Some breaches were caused by more than one source, hence the overall figure adds up to more than 100 per cent.
The study also found that the majority of breaches resulted from a combination of events rather than a single security mistake. Two in three breaches were blamed on hackers. Typically, miscreants exploited vulnerabilities to install malware onto systems for later retrieval.
Two in three breaches (69 per cent) were discovered by third parties. Nearly all the records compromised (99 per cent) last year came from internet-connected systems, either servers or applications. The finding put concerns about mobile devices and portable media in context, the SANS Institute’s Internet Storm Centre notes.
Verizon reports that attacks targeting PIN data “exploded” last year.
These PIN-based attacks hit the consumer much harder than typical signature-based counterfeit attacks in which a consumer’s credit card is compromised. Investigators found that PIN fraud typically leads to cash being withdrawn directly from the consumer’s account – whether it is a checking, savings or brokerage account – placing a greater burden on the consumer to prove that transactions are fraudulent.
The higher monetary value commanded by PIN data has spawned a cycle of innovation in attack methodologies. Criminals have re-engineered their processes and developed new tools, such as memory-scraping malware, to steal this valuable commodity.
Bryan Sartin, director of investigative response for Verizon Business, told Wired.com that these attacks involved assaults on both unencrypted data held on insecure systems and encrypted data.
“We’re seeing entirely new attacks that a year ago were thought to be only academically possible,” Sartin said. “What we see now is people going right to the source… and stealing the encrypted PIN blocks and using complex ways to un-encrypt the PIN blocks.”
Hardware security modules, which act as a form of switch for encrypted data within bank networks, are under active attack. “Essentially, the thief tricks the HSM into providing the encryption key,” Sartin explained. “This is possible due to poor configuration of the HSM or vulnerabilities created from having bloated functions on the device.”
The class of attack has been understood in academic circles for some years (researchers at Cambridge and in Israel have published papers on it) but Verizon’s detailed study is the first evidence that it’s been used in anger.
Credit: The Register
More on CyberInsecure:
Posts
Leave a Reply
Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.