FireEye Retail Security
Skilled cyber criminals are targeting you right now
They want your customers’ identities and financial data. They want to ruin your reputation and ability to compete. Fortunately, you can defend yourself.
The FireEye Adaptive Defense approach combines proprietary technology with threat intelligence and extensive experience to prevent, detect, and respond to advanced cyber attacks.
Clean Up on Aisle Four: How Attackers Exploit Retailers’ Networks for Financial Gain
Retailers are a favorite target for cybercriminals. Credit card data is a lucrative asset and can be quickly monetized. High-traffic periods such as the holiday shopping season encourage attackers to invest in schemes that can be reused across multiple retailers for maximum profit.
How Do Attackers Get In?
Attackers invest in elaborate schemes to compromise retailers. The initial attack vector includes all of the usual suspects: spear phishing, drive-by downloads, SQL injection, and more. Here’s one example that Mandiant, a FireEye company, saw in a recent investigation.
What can you do?
- Manage Privileged Accounts
Each system in your PCI environment should have its own unique local administrator password. Employ the principle of “least privilege” to all account and group permissions, including the service accounts. - Encrypt Cardholder Data
Consider a POS solution with end-to-end asymmetric encryption, starting at the PIN pad reader. - Actively Monitor
Monitor your PCI environment regularly for abnormal activity, such as suspicious logons, creation of unexpected files, or unusual traffic flow. - Segment Networks
Separate any system that handles cardholder data from the rest of your corporate environment. Require two-factor authentication for access to the PCI environment. - Secure Endpoints
Ensure that all critical systems in the environment implement application whitelisting. Patch all third-party applications and operating systems, and consider implementing a file-monitoring solution that tracks when files have been created on a system.