June 10, 2015
Cyber criminals continue to evolve their tactics. As businesses and individuals get smarter and improve their security posture, attackers respond by modifying their methodologies.
In this brief we look at examples of how cyber criminals leverage intrusion tactics to capture personal and financial data.
1. Manually Targeted Attacks: One at a time
Receiving an email from a financial institution to verify identity or account information by clicking a link and inputting personal data seems legitimate right? Think again. Cyber criminals design seemingly authentic websites to “verify” personal identity or account details. Tricking victims into revealing confidential information is the goal. What are the consequences for falling for this intrusion tactic? Victims literally show the enemy their cards.
2. Automating with Malware: The Web Effect
Cyber criminals “up the ante” by sending out mass key-logging malware that spreads to a victim’s contacts. This exponentially increases the opportunity to spread and infiltrate more systems. A common exploit of key-logging malware is to capture a user’s keystrokes during online purchases. Users are often not aware they have fallen victim to this cyberattack.
3. Targeting the Database: Stealing in Bulk
Why not go directly to where all the financial or personal data is stored? Cyber criminals see a greater opportunity when targeting databases rather than individuals. Any proprietary data is a target. This was proven true with a recent breach in the healthcare industry where 78.8 million personal healthcare records were compromised.
4. Skimming Devices: Physical Attacks
Consumers have a false sense of security when using physical cards. ATM’s, point of sale machines, and gas pumps are an additional channel cyber criminals use to capture card data. Skimming devices may be discretely attached to payment terminals in order to capture card data. Cyber criminals can now duplicate your card with ease to sell or use at their disposal.
5. Mobile Device Attack: The New Frontier
A shift is occurring. Emerging mobile payment products like Apple Pay and NFC technologies create new channels filled with both convenience and risk. As more consumers migrate from physical cards to virtual wallets, mobile devices and the infrastructure which supports them will become a new target for cyber criminals.