For a business to be targeted, there has to be something worth exfiltrating; attackers do not work through the full attack cycle for practice. A business that holds such data should assume it will eventually be breached and have monitoring in place (logs, network, and access) so that an attacker's activity is noticed and stopped early, rather than months later.
One such incident involved Rail Europe North America (RENA), which sells tickets for rail travel in Europe. Anyone buying a ticket has to go through the usual checkout flow, which collects a full legal name, mailing address, email address, phone number, and payment card details. Taken together, that set of fields is an attractive target: it is enough for card fraud and, combined, supports a fair number of other attacks against the same person.
The breach began on November 29, 2017. Worse, the attackers retained access from that date through February 16, 2018, giving them well over two months to exfiltrate the PII and card data they wanted. Worse still, RENA did not detect the intrusion itself: a bank it works with noticed it and informed the company. The number of affected customers was not disclosed, but it could be substantial, as RENA had transacted with 5M Americans.
The recommendation to RENA customers was to change their password and watch their financial accounts. Identity theft protection was also offered, but its long-term value is limited: a one-year coverage window does nothing about data such as a name, address, and date of birth that the attackers can keep using indefinitely, and a stolen card number remains usable until the issuing bank reissues the card.
The compromise was of the customer-facing e-commerce web pages themselves. Malicious code was placed on them to capture what customers entered at checkout, including debit and credit card numbers, expiration dates, and, most importantly, the CVV. Capturing the CVV at the moment of entry is what makes this kind of attack so damaging: under PCI DSS a merchant may not store the CVV after authorization, so a database breach alone would not have yielded it, but code running on the checkout page sees it before it is ever stored.
There are several lessons in this compromise. The primary one is to monitor the logs, the network, and access. Over nearly three months of exfiltrating records, something should have stood out at some point (https://www.informationsecuritybuzz.com/expert-comments/rail-europe-customer-data-breach/). One caveat a practitioner would add: whether network monitoring alone would have caught this depends on where the malicious code ran. If it executed in customers' browsers and sent the captured card data straight to an attacker-controlled host, that traffic never crossed RENA's network at all. What does catch that variant is integrity monitoring of the deployed web content (so an injected script on the checkout page is noticed as soon as it appears), access logging of the change that planted it, and a Content Security Policy on the checkout page that restricts which hosts may serve scripts and where the page is allowed to send data.
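The checks described in the two paragraphs above, as an added example that is not Rail Europe's code: an audit of the scripts served on a checkout page against an allowlist of hosts (with SRI and inline-script hashes), the matching Content Security Policy header, and a deploy-time hash baseline to detect tampered or added files. Host names, page markup, the SRI placeholder value, and file contents are all constructed for the demo; nothing here is taken from RENA's site.

```python
# Checkout-page tamper detection: an added example, not Rail Europe's code.
# All host names, page markup and file contents below are constructed for the demo.
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

# Hypothetical allowlist: the only origins permitted to serve scripts on checkout
# and to receive data from it (the merchant itself and its payment provider).
ALLOWED_HOSTS = {"www.example-rail.test", "pay.example-psp.test"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def _b64_sha256(text: str) -> str:
    """Base64 SHA-256 over the exact script text, the form a CSP 'sha256-...' source uses."""
    return base64.b64encode(hashlib.sha256(text.encode()).digest()).decode()


class _ScriptCollector(HTMLParser):
    """Collects every <script> on a page: src, integrity attribute and inline body."""

    def __init__(self):
        super().__init__()
        self.scripts = []
        self._current = None

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            a = dict(attrs)
            self._current = {"src": a.get("src"), "integrity": a.get("integrity"), "body": ""}

    def handle_data(self, data):
        if self._current is not None:  # script bodies arrive here as raw CDATA
            self._current["body"] += data

    def handle_endtag(self, tag):
        if tag == "script" and self._current is not None:
            self.scripts.append(self._current)
            self._current = None


def _scripts(html: str):
    p = _ScriptCollector()
    p.feed(html)
    p.close()
    return p.scripts


def inline_hashes(html: str) -> set:
    """Record the hashes of the inline scripts that legitimately belong to a page."""
    return {_b64_sha256(s["body"]) for s in _scripts(html) if not s["src"]}


def audit_scripts(html: str, known_inline: set, allowed_hosts=ALLOWED_HOSTS) -> list:
    """Return findings for scripts that do not belong on the checkout page."""
    findings = []
    for s in _scripts(html):
        if s["src"]:
            host = urlparse(s["src"]).hostname or ""
            if host not in allowed_hosts:
                findings.append(f"script from unapproved host: {s['src']}")
            elif not s["integrity"]:
                findings.append(f"script without SRI integrity attribute: {s['src']}")
        elif _b64_sha256(s["body"]) not in known_inline:
            findings.append(f"unknown inline script sha256-{_b64_sha256(s['body'])}")
    return findings


def csp_header(known_inline: set, allowed_hosts=ALLOWED_HOSTS) -> str:
    """CSP that blocks unapproved scripts and, via connect-src/form-action (with
    default-src covering image beacons), stops a skimmer that does load from
    posting card data anywhere but the allowed hosts."""
    origins = " ".join(sorted(f"https://{h}" for h in allowed_hosts))
    hashes = " ".join(f"'sha256-{h}'" for h in sorted(known_inline))
    return (f"default-src 'self'; script-src 'self' {origins} {hashes}; "
            f"connect-src 'self' {origins}; form-action 'self' {origins}; "
            "object-src 'none'; base-uri 'self'")


def integrity_diff(baseline: dict, deployed: dict):
    """baseline: path -> sha256 hex recorded at deploy time; deployed: path -> bytes
    read from the web root now. Returns (changed, added, removed) paths."""
    now = {p: sha256_hex(b) for p, b in deployed.items()}
    changed = sorted(p for p in baseline if p in now and now[p] != baseline[p])
    added = sorted(p for p in now if p not in baseline)
    removed = sorted(p for p in baseline if p not in now)
    return changed, added, removed


# Constructed sample pages. The integrity value is a placeholder, not a real digest;
# this audit only checks that the attribute is present, the browser verifies it.
CLEAN_PAGE = """<html><body><form id="checkout" action="/pay" method="post"></form>
<script src="https://www.example-rail.test/js/checkout.js" integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script>window.__checkout = {currency: "EUR"};</script></body></html>"""
# The tampered copy has one extra script tag pointing at a host not on the allowlist.
TAMPERED_PAGE = CLEAN_PAGE.replace(
    "</body>", '<script src="https://cdn-metrics.example-bad.test/s.js"></script></body>')

if __name__ == "__main__":
    known = inline_hashes(CLEAN_PAGE)
    print("clean page:", audit_scripts(CLEAN_PAGE, known))
    print("tampered page:", audit_scripts(TAMPERED_PAGE, known))
    print(csp_header(known))
```

Run the audit from a monitoring host against the page as it is actually served (after any CDN or load balancer), not against the files in source control; the same goes for the hash baseline, which should be compared to what the web root contains now. The CSP is the control that still works when the audit is late: a script that the policy blocks from loading, or from sending data off to an unapproved host, cannot skim, whichever layer the attacker used to inject it.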
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.