The data in a company's operation is valuable for many reasons. In the hands of the internal staff, the company's datasets are leveraged for tasks such as performance metrics, traffic analysis, Profit and Loss statements, demographics and more. However, in the hands of an unauthorized actor, the same information can cause more damage than imagined.
To better understand the value of a company's data in the unintended hands of a fraudulent operation, we invited Alexander Hall, owner of Dispute Defense Consulting, to share his expertise and knowledge on the damage caused by cyber attackers. Alexander has 16 years of experience in fraud prevention and the development of effective fraud prevention tactics. He focuses his work on advising corporate leaders and merchants on the importance of balancing security strategies with the customers’ experience. His activity at Dispute Defense Consulting centers around the idea of “thinking like a fraudster” before offering full-spectrum fraud mitigation services.
Many fraud rings keep a low profile while still causing disruption, so Alexander explains how high-level attackers operate. You also need to know the best practices for protecting your range of sensitive data, so Zitec’s Security & Data Protection department joined forces with Alexander to build a comprehensive picture of what businesses can do to protect their assets. Security breaches, cyberthreats, viruses and non-compliance harm a business’ operations and reputation, and our Security team has the expertise needed to prevent these incidents. We offer quality audits and techniques that ensure top-notch protection and safety for your software and infrastructure.
Ready to plunge into this joint article? Let’s begin.
Data and breaches equal valuable information
First things first. One very important question that Alexander emphasizes is "what happens if our data gets into the wrong hands"? Here’s what our industry expert has to say about it:
Consider the landscape of commerce today. The public health events from 2020 onward only served to speed up the shift from in-store to eCommerce. This resulted in numerous online transactions and, hence, numerous new accounts. However, what all these accounts, no matter the industry niche for which they were used - banking, retail, crypto, iGaming, insurance - have in common is this very simple but dangerous element:
The user is usually typing their data into a form.
And cyber attackers have made their professional goal to exploit this fact.
“Simply put, fraudsters gain access to or create accounts using stolen information”, in Alexander’s own words.
They also take advantage of companies’ offerings while operating under false pretenses. Cyber attackers target various scenarios using stolen data:
🔸 Bank and crypto accounts are used for money-laundering and wire transfer fraud;
🔸 Stolen sets of payment information are used on eCommerce websites;
🔸 A combination of personally identifiable information (PII) and stolen payment information is used to set up expensive services, only for the payments to be refunded into mule accounts;
🔸 Breached login information is used with accounts from across the marketplace to exploit good accounts.
And thus, fraud operations begin…
So what exactly is a cybercriminal looking for? When we talk about a fraud operation, we can think of one paramount category that is exploited: the payment information:
As the name suggests, this category includes the payment details required for checkout.
We talk here about: credit/debit card numbers, track information, expiration dates, CVV codes, billing addresses and check information.
Credit card information has 2 sets of data:
🔸 Track information is the data encoded on credit/debit cards. Malicious actors steal it via skimming. They encode it onto other magnetic stripes and then use this data for in-store purchases.
🔸 CVVs are the digital counterpart. This means the information required to check out using an online form: specifically, the credit/debit card numbers, expiration dates, CVV, billing address information etc.
If you wonder about the exact steps a fraudster undertakes, Alexander explains this in a few words. “Bad actors copy the encoded data from the victim's card using a skimmer or card reader. Then, they transfer it to a word document (notepad, wordpad etc.) and separate it into two ‘tracks’. Each track holds data needed to initiate a transaction at an in-house point of sale. After that, the data is written to another card (or cards) by using a reader/writer (like an MSR606). Fraudsters leverage their knowledge of BIN numbers to discern between credit and debit card. This is important because credit cards can be used with signatures and debit cards require PIN information”. But do you know who can actually suffer from this? Everyone in the in-store environment.
How do cybercriminals obtain the information?
Breaches are taking place across the global network. Financial institutions, fintechs, telephone service providers, subscription-based companies, healthcare providers and more have fallen victim to cybercriminals’ methods. Let’s find out how:
🔒 Scammers target consumers directly. They use social engineering, phishing/smishing/vishing, romance scams/"pig-butchering", crypto scams, secret shopper scams, and many more. The objective of these scams? Either:
🔸 coercing the victim to make payments to fraudulent payment forms or
🔸 engaging with a victim for some time to build the so-called "Profiles". These are a set of personal information (such as Social Security Numbers, name, address, birthday etc.) centered around one compromised identity. Hackers use profiles to create new accounts, hijack established accounts etc.
🔒 Moving up the commerce chain, cyber attackers target eCommerce companies in similar ways: via hacking, social engineering and phishing attempts. In 2022, a ring of cybercriminals exploited a known website vulnerability and installed credit card skimmers on hundreds of eCommerce websites. Effectively, they stole payment data obtained during checkout.
🔒 Data breaches in the healthcare industry hit an all-time high in 2021. This impacted the sensitive data of 45 million people. Many methods contributed to this metric. But, social engineering and phishing were the most common.
🔒 In the banking/finance sector, data breaches are most valuable for fraud operations. Bad actors will attempt every method with varying results, stacking methods until they achieve success. These breaches have the potential to grant cybercriminals access to credit card application form data, login information, driver's license information, credit card information and more.
En route to security & data protection solutions
So far, you have discovered the cost of fraud. But what can you do to protect your business? To answer this question, Zitec’s very own Security & Data Protection team explains the strategy items you can employ to keep fraud from happening.
Looking through the lens of fraud prevention, the importance of cybersecurity needs no explanation. Bear in mind only that, according to a study made by Google in 2022, phishing attacks cause 80% of the reported security incidents. Likewise, incidents involving brute force or the use of lost or stolen credentials account for 80% of hacking-related data breaches. To prevent and mitigate risks, businesses and their employees must know how to identify security incidents, avoid potential attacks and respond properly to these events.
However, should cyber attacks occur, here are some strategies and solutions to employ for business protection:
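Brute force and stolen-credential use leave a recognizable trace in authentication logs: many failures from one source in a short window, either against one account (password guessing) or spread over many accounts (credential stuffing with breached username/password lists). The following is an added example, not code from the original article or from Zitec; it runs a sliding-window check over constructed sample log lines (the hosts, users and addresses are invented) and flags both patterns, plus a successful login that lands while such a burst is still in the window. The thresholds are assumptions and should be tuned to your own baseline.

```python
import re
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "ts outcome user ip")
Finding = namedtuple("Finding", "ip kind failures users")

# Constructed sample log lines in a simplified "auth log" style; the hosts,
# users and addresses are invented for this example.
SAMPLE_LOG = """\
2024-03-01T10:00:01 Failed password for alice from 203.0.113.7
2024-03-01T10:00:03 Failed password for alice from 203.0.113.7
2024-03-01T10:00:05 Failed password for alice from 203.0.113.7
2024-03-01T10:00:06 Failed password for alice from 203.0.113.7
2024-03-01T10:00:08 Failed password for alice from 203.0.113.7
2024-03-01T10:00:09 Failed password for alice from 203.0.113.7
2024-03-01T10:00:12 Accepted password for alice from 203.0.113.7
2024-03-01T10:01:00 Failed password for bob from 198.51.100.9
2024-03-01T10:01:01 Failed password for carol from 198.51.100.9
2024-03-01T10:01:02 Failed password for dave from 198.51.100.9
2024-03-01T10:01:03 Failed password for erin from 198.51.100.9
2024-03-01T10:01:04 Failed password for frank from 198.51.100.9
2024-03-01T10:05:00 Failed password for bob from 192.0.2.44
2024-03-01T10:30:00 Accepted password for bob from 192.0.2.44
"""

LINE_RE = re.compile(r"^(\S+) (Failed|Accepted) password for (\S+) from (\S+)$")


def parse_log(text):
    """Parse lines matching LINE_RE into Event tuples; unknown lines are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, outcome, user, ip = m.groups()
            events.append(Event(datetime.fromisoformat(ts), outcome, user, ip))
    return events


def detect(events, window=timedelta(minutes=5), fail_threshold=5, distinct_users=4):
    """Flag, per source IP, a burst of failures inside a sliding window.

    - brute_force: >= fail_threshold failures against few accounts
    - credential_stuffing: the same burst spread over >= distinct_users accounts
    - success_after_burst: a login succeeds while such a burst is still in the window
    Thresholds are assumptions for the example; tune them to your own baseline.
    """
    by_ip = defaultdict(list)
    for ev in sorted(events, key=lambda e: e.ts):
        by_ip[ev.ip].append(ev)

    findings = []
    for ip, evs in by_ip.items():
        recent_fails = []   # failures inside the trailing window
        burst_reported = False
        for ev in evs:
            recent_fails = [f for f in recent_fails if ev.ts - f.ts <= window]
            if ev.outcome == "Failed":
                recent_fails.append(ev)
                if len(recent_fails) >= fail_threshold and not burst_reported:
                    users = sorted({f.user for f in recent_fails})
                    kind = "credential_stuffing" if len(users) >= distinct_users else "brute_force"
                    findings.append(Finding(ip, kind, len(recent_fails), users))
                    burst_reported = True
            elif len(recent_fails) >= fail_threshold:
                # an Accepted login right after a burst deserves an analyst's look
                findings.append(Finding(ip, "success_after_burst", len(recent_fails), [ev.user]))
    return findings


if __name__ == "__main__":
    for f in detect(parse_log(SAMPLE_LOG)):
        print(f"{f.ip:15} {f.kind:22} failures={f.failures} users={','.join(f.users)}")
```

The distinction between the two burst kinds matters for the response: a single-account burst calls for a lockout or step-up authentication on that account, while a many-account burst from one source points at a leaked credential list and is better handled by rate-limiting or blocking the source and forcing resets for the accounts it touched.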
Prevent, detect and respond to software safety threats
🔑 Web Application Firewall
This security system protects web applications by monitoring and filtering HTTP traffic between a web application and the Internet. It is effective at identifying attacks including cross-site scripting (XSS), SQL injection and command injection, among others. By deploying a WAF, a business creates a protection shield on the existing infrastructure and an extra layer of defense against data breaches.
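To make the filtering step concrete, here is an added example (not code from the article, and not a real WAF product) of the core loop such a system runs on every request: split the request into inspectable fields, normalize each one, and match it against signatures for the three attack classes named above. The sample requests and the three small rule patterns are constructed for the example; a production WAF such as one loaded with the OWASP Core Rule Set carries hundreds of rules and an anomaly score instead of a block-on-first-hit decision.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Small signature set for the three attack classes named in the text. A real WAF
# (for example one loaded with the OWASP Core Rule Set) uses far more rules plus
# anomaly scoring; these patterns are simplified for the example.
RULES = [
    ("xss", re.compile(r"<\s*script\b|javascript:|\bon\w+\s*=", re.I)),
    ("sqli", re.compile(r"['\"]\s*(or|and)\s+['\"\w]+\s*=\s*['\"\w]+|\bunion\s+select\b|;\s*drop\b", re.I)),
    ("cmdi", re.compile(r"[;&|`]\s*(cat|ls|id|whoami|wget|curl|nc)\b|\$\(", re.I)),
]


def normalize(value, max_rounds=3):
    """Percent-decode until the value stops changing, then lowercase.

    Matching only the raw bytes misses payloads that arrive encoded, so a WAF
    normalizes before it inspects. The round limit keeps the loop bounded.
    """
    for _ in range(max_rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value.lower()


def inspect_request(method, url, body=""):
    """Return ("allow" | "block", hits) for one HTTP request.

    Every inspected field is tagged with where it came from so the WAF log can say
    which parameter tripped which rule. Bodies are assumed to be form-encoded.
    """
    parts = urlsplit(url)
    fields = [("path", parts.path)]
    fields += [("query:" + k, v) for k, v in parse_qsl(parts.query, keep_blank_values=True)]
    if body:
        fields += [("body:" + k, v) for k, v in parse_qsl(body, keep_blank_values=True)]

    hits = []
    for where, raw in fields:
        value = normalize(raw)
        for name, rx in RULES:
            if rx.search(value):
                hits.append((name, where))
    return ("block" if hits else "allow"), hits


# Constructed sample traffic: one clean request and several hostile-looking ones.
SAMPLE_REQUESTS = [
    ("GET", "/search?q=running+shoes", ""),
    ("GET", "/search?q=%3Cscript%3Ealert(1)%3C/script%3E", ""),
    ("POST", "/login", "user=admin%27+OR+%271%27%3D%271&pass=x"),
    ("GET", "/ping?host=127.0.0.1%3Bcat+/etc/passwd", ""),
    # the same XSS payload percent-encoded twice; caught only because normalize() decodes repeatedly
    ("GET", "/search?q=%253Cscript%253Ealert(1)%253C%252Fscript%253E", ""),
]


def run_samples(requests=SAMPLE_REQUESTS):
    return [inspect_request(*r) for r in requests]


if __name__ == "__main__":
    for (method, url, _), (decision, hits) in zip(SAMPLE_REQUESTS, run_samples()):
        print(f"{decision:5} {method} {url} {hits}")
```

Two practitioner points follow from the example. First, normalization is where most of the engineering effort in a WAF goes; signatures matched against un-decoded input give a false sense of coverage. Second, signature rules produce false positives on legitimate input (a product description containing "union select", say), so a WAF should be rolled out in a log-only mode first and its hits reviewed before blocking is switched on.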
🔑 Threat modeling
Via this technique, security experts identify cyber threats, existing attacks, vulnerabilities and any inefficient protection measures that can affect the web application. The goal of this method is to build a robust and holistic application with strong functionality. In this phase, security teams work through all the possible attack scenarios and establish a protection method for each. Adina Nichitean, Security & Data Protection Manager at Zitec, explains: “We perform this type of exercise during the design phase of new applications and systems or in case new major functionalities are added to existing apps. Recently, we worked for a customer in the financial industry, and our threat modeling approach represented a great way to raise security awareness and to increase collaboration inside the team.”
🔑 Vulnerability management
This security process identifies, categorizes, prioritizes and resolves vulnerabilities in operating systems (OS), enterprise applications (in the cloud or on-premises), browsers and end-user applications. A vulnerability management program focuses on any vulnerability that can be remediated through patching or through the configuration of security settings.
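The "prioritize" step is the one teams most often get wrong, because a scanner emits findings in arbitrary order and the list is always longer than the patch window. The following added example (not code from the article or from Zitec) shows one way to turn an asset inventory and an advisory feed into an ordered remediation plan: match installed versions against the fixed-in version, weight the base score by exposure, and record a configuration mitigation where no patch exists yet. The inventory, the advisory identifiers (ADV-EXAMPLE-nnn placeholders, not real CVEs), the versions, the scores and the exposure multipliers are all constructed for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Asset:
    host: str
    component: str
    version: str
    internet_facing: bool
    handles_payment_data: bool


@dataclass(frozen=True)
class Advisory:
    advisory_id: str      # placeholder IDs, not real CVEs
    component: str
    fixed_in: str         # versions below this are affected
    cvss: float
    patch_available: bool


# Constructed inventory and advisory feed; hostnames, versions and scores are invented.
INVENTORY = [
    Asset("shop-web-01", "nginx", "1.20.1", True, True),
    Asset("intranet-wiki", "nginx", "1.20.1", False, False),
    Asset("shop-web-01", "openssl", "3.0.8", True, True),
    Asset("build-agent", "openssl", "3.0.12", False, False),
    Asset("db-01", "postgresql", "14.2", False, True),
]
ADVISORIES = [
    Advisory("ADV-EXAMPLE-001", "nginx", "1.21.0", 7.5, True),
    Advisory("ADV-EXAMPLE-002", "openssl", "3.0.10", 9.8, True),
    Advisory("ADV-EXAMPLE-003", "postgresql", "14.5", 6.5, False),
]


def parse_version(v):
    """Numeric dotted versions compare as tuples, so 3.0.8 < 3.0.10 (string compare would get this wrong)."""
    return tuple(int(part) for part in v.split("."))


def is_affected(asset, adv):
    return asset.component == adv.component and parse_version(asset.version) < parse_version(adv.fixed_in)


def priority(asset, adv):
    """CVSS base score weighted by exposure; the multipliers are assumed for the example."""
    score = adv.cvss
    if asset.internet_facing:
        score *= 1.5
    if asset.handles_payment_data:
        score *= 1.25
    return score


def build_plan(inventory=INVENTORY, advisories=ADVISORIES):
    """Return remediation items ordered from most to least urgent."""
    plan = []
    for asset in inventory:
        for adv in advisories:
            if not is_affected(asset, adv):
                continue
            if adv.patch_available:
                action = f"patch {adv.component} to >= {adv.fixed_in}"
            else:
                action = f"no patch yet: apply vendor mitigation / hardening for {adv.advisory_id}"
            plan.append({
                "host": asset.host, "component": asset.component, "version": asset.version,
                "advisory": adv.advisory_id, "score": priority(asset, adv), "action": action,
            })
    plan.sort(key=lambda item: item["score"], reverse=True)
    return plan


if __name__ == "__main__":
    for item in build_plan():
        print(f"{item['score']:6.2f} {item['host']:14} {item['component']:11} {item['version']:7} {item['action']}")
```

Note that the same nginx advisory lands at two very different positions in the plan: on the internet-facing shop server it outranks the database finding, on the internal wiki it is last. That is the point of weighting by exposure rather than sorting by CVSS alone.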
🔑 Regular penetration testing
A pentest uncovers security vulnerabilities and weaknesses that may pose risks to a company, its assets and its users, before a real attack does. To achieve this, security experts simulate real cyber attacks against the company’s systems: applications, servers, services or devices. Considering the sensitivity of data, organizations should perform pentesting at least once a year. This ensures more consistent network security, as well as a strong IT management process.
“If you are curious about what it means to run a pentest and what types of vulnerabilities or risks it can uncover, take a look at our Story of a voluntary pentest exercise,” says Adina Nichitean.
🔑 Network security assessment
Any web server, whether Windows or Linux, is prone to vulnerabilities. When exploiting a server, an attacker seeks to gain privileges on that system and then to move laterally to other systems. To prevent this and to limit the impact of any successful attack, businesses must have an accurate overview of their internal network. This helps them take the necessary actions to repair the affected systems and to block lateral movement by malicious actors. Layering security controls so that an attack is contained is known as the "defense in depth" principle.
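An "accurate overview of the internal network" becomes actionable once it is written down as a segmentation policy that observed traffic can be checked against. The following added example (not code from the article or from Zitec) models a few zones and the cross-zone flows the policy permits, then runs constructed flow records (the kind summarized from NetFlow or firewall logs) through two checks: flows the policy does not allow, and one source reaching many hosts on remote-administration ports, which is the fan-out pattern lateral movement tends to produce. Zones, addresses, ports, flows and the fan-out threshold are all invented for the example.

```python
import ipaddress
from collections import defaultdict

# Constructed network model: zones, the flows the segmentation policy permits,
# and the ports commonly used for remote administration. All values are invented.
ZONES = {
    "workstations": ipaddress.ip_network("10.9.0.0/16"),
    "dmz": ipaddress.ip_network("10.1.0.0/24"),
    "app": ipaddress.ip_network("10.2.0.0/24"),
    "db": ipaddress.ip_network("10.3.0.0/24"),
}
POLICY = {  # (source zone, destination zone, destination port)
    ("workstations", "dmz", 443),
    ("dmz", "app", 8443),
    ("app", "db", 5432),
}
ADMIN_PORTS = {22, 445, 3389, 5985}


def zone_of(ip):
    addr = ipaddress.ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "unknown"


def check_flows(flows, policy=POLICY, fanout_threshold=3):
    """Check observed (src, dst, dport) flows against the zone policy.

    Returns (violations, lateral): cross-zone flows the policy does not allow, and
    sources that reached >= fanout_threshold distinct hosts on admin ports, a
    pattern worth an analyst's attention even when each flow is individually permitted.
    The threshold is an assumption for the example.
    """
    violations = []
    admin_targets = defaultdict(set)
    for src, dst, dport in flows:
        sz, dz = zone_of(src), zone_of(dst)
        if dport in ADMIN_PORTS:
            admin_targets[src].add(dst)
        if sz != dz and (sz, dz, dport) not in policy:
            violations.append({"src": src, "src_zone": sz, "dst": dst, "dst_zone": dz, "dport": dport})
    lateral = {src: sorted(dsts) for src, dsts in admin_targets.items() if len(dsts) >= fanout_threshold}
    return violations, lateral


# Constructed flow records (e.g. summarized from NetFlow or firewall logs).
SAMPLE_FLOWS = [
    ("10.9.1.5", "10.1.0.10", 443),     # workstation -> DMZ web: allowed
    ("10.1.0.10", "10.2.0.20", 8443),   # DMZ -> app: allowed
    ("10.2.0.20", "10.3.0.30", 5432),   # app -> db: allowed
    ("10.1.0.10", "10.3.0.30", 5432),   # DMZ host talking straight to the db tier
    ("10.9.1.5", "10.3.0.30", 5432),    # workstation reaching the db tier
    ("10.9.1.5", "10.9.2.7", 445),      # same workstation touching peers on SMB/RDP
    ("10.9.1.5", "10.9.2.8", 445),
    ("10.9.1.5", "10.9.2.9", 3389),
    ("10.9.1.5", "10.2.0.20", 22),      # ...and SSH into the app tier
]

if __name__ == "__main__":
    violations, lateral = check_flows(SAMPLE_FLOWS)
    for v in violations:
        print(f"policy violation: {v['src']} ({v['src_zone']}) -> {v['dst']} ({v['dst_zone']}):{v['dport']}")
    for src, dsts in lateral.items():
        print(f"possible lateral movement from {src}: admin ports on {len(dsts)} hosts {dsts}")
```

The first check is the defense-in-depth control itself: a flow from the DMZ straight to the database tier should be impossible if the firewall enforces the policy, so seeing it in the logs means either a rule gap or a compromised host. The second check catches what a correct policy cannot: traffic inside the workstation zone is usually permitted, so a single host reaching many peers on SMB and RDP in a short span is the signal to pick up, not any individual flow.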
🔑 Security training and awareness
Last but not least, to stop attackers, employees need to be aware of cybersecurity techniques. Keeping pace with the threat landscape and helping employees understand their role in combating breaches is pivotal in any organization. A step forward in staying protected is to be aware of spear phishing emails, phishing campaigns and attacks based on social engineering. “We addressed our latest training to software developers, and it covered aspects on how to find and review security hotspots and detect vulnerabilities and injection flaws. It helped them understand the fundamental lessons of application security and how they can integrate those lessons in their code”, said our Security & Data Protection Manager.
In a nutshell
The cyber ecosystem is a continuously expanding entity. On a daily basis, we see new technology, new processes and newly formed system infrastructures. This forces security experts and businesses alike to keep up their game in preventing threat actors from gaining unauthorized access or privileged control to an application, service, endpoint, or server. Security experts discover new threat vectors and digital vulnerabilities daily, and as this happens, organizations need to patch their operating systems (OS) and reconfigure their security settings. Therefore, companies should emphasize the criticality of protecting their organization, their data assets and their web applications.
So, crafting a good security defense is what keeps your data safe. The question now is: what do you do to prevent attackers from performing their job?