Can you tell me what went wrong in the Global Payments breach? Any lessons for other enterprises that fall under...
Ask the expert!
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
Brian Krebs, who chronicled the Global Payments data breach on his blog, reported the breach of the payment card processing firm went as far back as January 2011 and may have included more than 10 million card numbers. Global Payments issued a press release stating 1.5 million card numbers may have been exposed.
Few technical details about the source of the breach have been released in any of the reports. Global Payments stated that it believes the incident has been contained. Krebs reported that Global Payments was compromised by attackers in 2011, though it switched to a different hosting company in 2012, when the attackers bypassed the end-to-end encryption Global Payments employed. The attackers stated they were able to bypass the encryption by gaining full access to the systems where card numbers were decrypted. The attackers also stated they went back every month to retrieve the captured data.
Global Payments could have moved hosting companies in an effort to eradicate the attackers from its network, but this seems unlikely unless Global Payments rebuilt all of its systems in use, reset all passwords, and re-secured all of its systems. Changing the hosting provider and potentially changing the IPs in use, but not performing the other actions, makes it difficult to prevent attackers from reentering its systems or maintaining an existing data exfiltration effort. Other enterprises that must comply with PCI DSS will only learn lessons from this data breach when Global Payments releases more details, but no new technical details have been released as of September 2012. Many of the attacker's actions could have been detected by careful review of logs or instrumentation of Global Payments' network security monitoring.