Root Cause Analysis: Stop Playing Whack-a-Mole

  • 26 August 2014
By Joshua Goldfarb on August 26, 2014
 
What Can We Do Once We Identify the Root Cause? We Can Work to Address It.
Recently, a piece of Point-of-Sale (POS) malware, Backoff POS, has become big news. I read several different write-ups on the malware, including the US-CERT alert (TA14-212A) that was released in late July. In reviewing the different write-ups, I found a good deal of information regarding post-infection Indicators of Compromise (IOCs) to help organizations assess whether or not they have been compromised by Backoff POS. The information I saw was great, and it is a good thing that organizations were able to receive such detailed IOC information. But I must admit that I was quite surprised by what I didn’t see in any of the write-ups I reviewed. Allow me to explain.
As a practitioner, customers often ask me how they can best mitigate or reduce the risk presented by a variety of threats. Point-of-Sale malware is one of those threats, for obvious reasons. The damage to an organization, monetary, public relations, or otherwise, from a breach involving the theft of payment card data can be enormous. I get many questions when I meet with customers, but questions on mitigating or reducing risk are by far the most difficult. These questions require an intimate knowledge of specific threat vectors. In other words, for a given risk or threat, I need to know how that threat can get into my organization in order to try and keep it out.
 

Full article at SecurityWeek: http://www.securityweek.com/root-cause-analysis-stop-playing-whack-mole
