Page 12 - GS170701
P. 12
NewsBriefs
bus financial reform package passed in response to the 2008 financial melt- of traffic to exploit kit landing pages,
down and ensuing major recession. In addition to revamping the CFPB, the Trustwave found. An exploit kit is
report calls for better overall coordination among financial regulatory agen- software designed to locate system
cies, easing restrictions on bank trading operations, scaling back banks' annual vulnerabilities. Trustwave forensics
stress tests, and simplifying regulation of small banks and credit unions. discovered an alleged undisclosed
Windows zero-day vulnerability and
Global cybersecurity trends a mixed bag exploit code for sale in 2016 at an ini-
New data from Trustwave Holdings Inc. forensics investigations indicates that tial price of $95,000; a zero-day vul-
despite efforts to increase POS data security following the U.S. EMV (Europay, nerability is a hole in software code
Mastercard and Visa) mandate in 2015, adoption has been slow, and payment undetected by the vendor.
card data remained a target in 63 percent of the data incidents perpetrated New malware targets IoT routers
globally in 2016. As of November 2016, only 38 percent of U.S. transactions used
EMV technologies, Trustwave noted. Security analysts are warning early
Internet of Things (IoT) adopters to
According to the 92-page 2017 Trustwave Global Security Report, the North enhance the security of Universal
American region and the retail sector accounted for 49 percent and 22 percent Plug and Play (UPnP) routers and
of total breaches, respectively. Next in line regionally were Asia-Pacific (21 hubs in their connected homes due
percent); Africa, Europe and Middle East (20 percent); and Latin America (10 to recently detected malware attacks.
percent). Just behind the retail sector, the food and beverage industry was The malware, known as Pinkslipbot,
targeted in nearly 20 percent of data breaches committed globally. is a variation of a known malware
scheme designed to attack firewalls,
Trustwave determined that progress has been made in breach detection and lock out system users and disrupt en-
containment; detection time dropped from 80.5 days to 49 days year-over-year. terprise directories, analysts stated.
The time from detection to containment dropped from 13 days to 2.5 days.
However, median time from cyber intrusion to containment remained stable at Don Duncan, Sales Engineer - East-
62 days versus 63 days in 2015. Malicious advertising remained the top source ern at NuData Security, said the
malware is a derivative of QakBot, a
form of malicious code that has been
actively infecting networks for more
Let Be Your EMV Expert! than 10 years.
Your EMV Eco-System Made Affordable! "Pinkslipbot is extremely persistent,
and essentially, anyone with fast In-
eProcessing Network has the secure, payment solutions to help you stay current with the ternet and open ports on an Internet
technologies that keep your merchants connected. And with real-time EMV capabilities, gateway device using UPnP is vul-
retailers can not only process contact and contactless payments, Apple Pay and Android Pay, nerable to it," he said. "Pinkslipbot
they’re able to manage their inventory as well as balance their books via QuickBooks Online. detects available ports, infects ma-
chines behind the firewall, and re-
lays information to C&C [Command
and Control] servers. In the short
term, it's important that 'local port-
forwarding rules' be monitored, and
is EMV-Certified UPnP should be turned off if the user
doesn't need it."
Duncan urged network operators
to implement behavioral biometrics
to create additional barriers around
UPnP routers and hubs.
International cooperation leads
to arrest of 73 cyber-criminals
Fraudsters are relentless and ever
more sophisticated in their attacks on
the world's financial networks. How-
ever, security experts are also relent-
1(800) 296-4810 less and ever more sophisticated in
© eProcessing Network, LLC. All Rights Reserved.
eProcessingNetwork.com All trademarks are the property of their respective holders. their work to protect our systems.
12
