FIs Under Cyberattack

June 12, 2017 | CCG Insights

Financial institutions' operations continue to experience cyberattacks, either directly or indirectly. The second credit-card breach in three years at Kmart has once again forced financial institutions to deal with the repercussions of potential fraud involving their accountholders.

Sears Holdings, the parent company of Kmart, confirmed it experienced another malware-based data breach of its card processing systems. The company did not reveal how many of its 735 Kmart locations saw signs of a breach but said it did not affect online purchases.

“Our Kmart store payment data systems were infected with a form of malicious code that was undetectable by current anti-virus systems and application controls,” Howard Riefs, a spokesman for Sears Holdings, said in a statement. “Once aware of the new malicious code, we quickly removed it and contained the event. We are confident that our customers can safely use their credit and debit cards in our retail stores.”

The statement added that based on forensic investigation, the cybercriminals did not obtain any personal identifying information (including names, addresses, social security numbers, and email addresses). “However, we believe certain credit card numbers have been compromised. Nevertheless, in light of our EMV compliant POS systems, which rolled out last year, we believe the exposure to cardholder data that can be used to create counterfeit cards is limited.”

Brian Krebs first reported the incident on his KrebsOnSecurity blog after hearing from credit unions and smaller banks that said they strongly suspected another Kmart card breach. “Some of those institutions received alerts from the credit card companies about batches of stolen cards that all had one thing in common: They were all used at Kmart locations,” Krebs stated.

In October 2014, Sears announced a similar breach not involving personally identifiable information. Krebs added that both breaches involved malware designed to steal credit and debit card data from hacked point-of-sale devices.

Meanwhile, as of June 6, the number of breaches in the U.S. captured by the San Diego-based Identity Theft Resource Center (ITRC) totals 724, an increase of 34.1% over last year’s record pace (540) for the same time period.

Of that total, 38 incidents took place at financial institutions, more than twice as many as in the same period last year, and affected a reported 526,000 records. Nearly all of the financial institution breach reports omitted the number of records exposed, so that number is probably significantly higher.

The ITRC 2017 Breach Report's breakdown across five industry sectors still shows business well in front at 55.9%, followed by medical/healthcare at 21.6%, educational at 11.9%, government at 5.4% and banking/credit/financial at 5.2%.

Of course, any incident that included payment information could also touch financial institution cardholders.

In addition to breaches, distributed denial-of-service (DDoS) attacks remain unpredictable and persistent, and vary widely in volume, speed and complexity, according to Reston, Va.-based Verisign’s DDoS Trends Report for the first quarter of 2017.

While Verisign saw a 23% decrease in DDoS attacks during the first quarter, the average peak attack size increased 26% compared to the previous quarter.

Attackers also launched sustained and repeated assaults against their targets. Verisign observed that almost 50% of its customers who experienced DDoS attacks in Q1 2017 were targeted multiple times during the quarter.

The financial sector continues to be a constant target for DDoS attacks. In Q1 2017, Verisign’s financial sector customers experienced the second-highest number of DDoS attacks (28%) of any industry sector within Verisign’s customer base, a large increase from only 7% during the prior quarter. IT services/cloud remained the sector with the largest number of DDoS attacks in Q1 2017.