By Joshua Goldfarb on August 26, 2014
What Can We Do Once We Identify the Root Cause? We Can Work to Address It.
Recently, a piece of Point-of-Sale (POS) malware, Backoff POS, has become big news. I read several different write-ups on the malware, including the US-CERT alert (TA14-212A) that was released in late July. In reviewing the different write-ups, I found a good deal of information regarding post-infection Indicators of Compromise (IOCs) to help organizations assess whether or not they have been compromised by Backoff POS. The information I saw was great, and it is a good thing that organizations were able to receive such detailed IOC information. But, I must admit that I was quite surprised by what I didn’t see in any of the write-ups I reviewed. Allow me to explain.
As a practitioner, I am often asked by customers how they can best mitigate or reduce the risk presented by a variety of threats. Point-of-Sale malware is one of those threats, for obvious reasons. The damage to an organization, monetary, public relations, or otherwise, from a breach involving the theft of payment card data can be enormous. I get many questions when I meet with customers, but questions on mitigating or reducing risk are by far the most difficult. These questions require an intimate knowledge of specific threat vectors. In other words, for a given risk or threat, I need to know how that threat can get into my organization in order to try to keep it out.
Source: SecurityWeek. Full article: http://www.securityweek.com/root-cause-analysis-stop-playing-whack-mole