PoS Cyber Attacks Up In 2013

A third of data intrusion investigated by security firm Trustwave last year involved compromises of point-of-sale (POS) systems and over half of all intrusions targeted payment card data.

Even though POS systems remained a significant target for attackers, as suggested by several high-profile data breaches disclosed by large retailers over the past six months, the largest number of data theft incidents last year actually involved e-commerce sites, Trustwave said Wednesday in a report that compiled data from 691 data breach investigations conducted by the company around the world.

E-commerce intrusions accounted for 54 percent of investigated data breaches and POS system intrusions accounted for 33 percent, Trustwave said. A separate report published by Verizon in April also pointed to Web application and PoS attacks as leading causes of security incidents with confirmed data disclosure last year.

According to Trustwave, over half of intrusions targeted payment-card data, with such data being stolen from e-commerce transactions in 36 percent of incidents and from POS transactions in 19 percent of attacks.

In Western Europe in particular, where countries have rolled out EMV — chip-and-PIN payment card transactions — cybercriminals shifted their focus from POS devices to e-commerce platforms, said John Yeo, EMEA Director at Trustwave. “EMV has changed the pattern of compromises when it comes to payment-card-specific data.”

However, a significant increase in the theft of sensitive, non-payment-card data, was also observed last year. This data includes financial credentials, personally identifiable information, merchant ID numbers and internal company communications, and was stolen in 45 percent of incidents, Trustwave said in the report.

Customer records containing personally identifiable information can possibly be used to perpetrate identity fraud and are sought after on the black market, so that’s why there’s been an uptick in attacks focusing on such data, Yeo said.

Only about a third of victim companies were able to self-detect data breaches, Trustwave found. In 58 percent of cases, breaches were identified by regulatory bodies, the credit card companies or merchant banks.

Source

Bonets Attack U.S. Banks

Evidence collected from a website that was recently used to flood U.S. banks with junk traffic suggests that the responsible parties behind the ongoing DDoS attack campaign against U.S. financial institutions — thought by some to be the work of Iran — are using botnets for hire.

The compromised website contained a PHP-based backdoor script that was regularly instructed to send numerous HTTP and UDP (User Datagram Protocol) requests to the websites of several U.S. banks, including PNC Bank, HSBC and Fifth Third Bank, Ronen Atias, a security analyst at Web security services provider Incapsula, said Tuesday in a blog post.

Atias described the compromised site as a “small and seemingly harmless general interest UK website” that recently signed up for Incapsula’s services.

An analysis of the site and the server logs revealed that attackers were instructing the rogue script to send junk traffic to U.S. banking sites for limited periods of time varying between seven minutes and one hour. The commands were being renewed as soon as the banking sites showed signs of recovery, Atias said.

During breaks from attacking financial websites the backdoor script was being instructed to attack unrelated commercial and e-commerce sites. “This all led us to believe that we were monitoring the activities of a Botnet for hire,” Atias said.

“The use of a Web Site as a Botnet zombie for hire did not surprise us,” the security analyst wrote. “After all, this is just a part of a growing trend we’re seeing in our DDoS prevention work.”

Source…

Is E-Commerce Next For Facebook?

A group of e-commerce start-ups, backed by some of the tech world’s most respected financiers, are hoping that Facebook Inc will become an e-commerce powerhouse to rival Amazon.com Inc and eBay Inc.

As the world’s largest social network moves toward a $5 billion initial public offering, it will come under more pressure from Wall Street to generate new sources of profit growth and reduce its reliance on advertising, which accounted for 85 percent of its 2011 revenue.

Some entrepreneurs and investors increasingly think “f-commerce” – meaning e-commerce on Facebook – is the answer. Start-ups such as BeachMint, Yardsellr, Oodle and Fab.com are coming up with novel ways to persuade Facebook users to not just connect with friends on the social network, but to shop as well.

Backed by tens of millions of dollars from venture capital firms like Accel Partners and Andreessen Horowitz, and other big investors like Goldman Sachs, these start-ups are pushing out shopping apps, hosting online garage sales and testing out new business models on Facebook.

“E-commerce is a huge category with very strong tailwinds and it’s a natural move for Facebook,” said Sam Schwerin of Millennium Technology Value Partners, which owns Facebook shares and has a stake in BeachMint.

Amazon revolutionized online shopping by crunching lots of customer and purchase data to come up with relevant, personalized recommendations. In the same vein, Facebook’s combination of data, analytics and payment technology could fuel the next generation of e-commerce, Schwerin said.

Source…

Will eBay Cozy Up With Facebook?

EBay Inc is attempting to strengthen its relationship with social network leader Facebook at a developer conference this week, a person familiar with the e-commerce company said on Tuesday.

EBay will also debut a new online identification service for shoppers named PayPal Access, the source added.

The company expects almost 4,000 people to attend its X.commerce conference in San Francisco on October 12, 13 and 14. The event marks the official launch of the company’s new X.commerce division, which will target e-commerce software developers.

EBay is trying to encourage outside developers to create applications for its e-commerce platforms and is making a particularly strong push in mobile commerce.

At the end of September, Katie Mitic, head of Platform and Mobile Marketing at Facebook, joined eBay’s board of directors, sparking speculation that the two companies were working on new partnerships.

Mitic is scheduled to be one of the keynote speakers at the X.commerce conference on Wednesday. Facebook Platform, which Mitic helps run, is the company’s developer unit, so any new partnership will focus on this area, the person said on condition of anonymity because the plans aren’t public yet.

Source…..

« Previous Page