UPS Stores in 24 States Hit by Data Breach
By Jennifer LeClaire / NewsFactor Network
Published: August 21, 2014


Big Brown has been breached. United Parcel Service (UPS) on Wednesday announced that about 105,000 customer transactions at 51 of its UPS Store locations in 24 states could have been compromised between January and August.

UPS discovered the breach in response to a government bulletin warning of a broad-based malware intrusion that traditional anti-virus software programs weren’t catching. UPS hired an IT security firm to review its systems -- and systems at its franchisees -- and discovered the breach. UPS eliminated the malware on August 11 and has posted details about which stores were affected.

The list of stores includes between one and four locations in each of the following states: Arizona, California, Colorado, Connecticut, Florida, Georgia, Idaho, Illinois, Louisiana, Maryland, Nebraska, Nevada, New Jersey, New York, North Carolina, North Dakota, Ohio, Oklahoma, Pennsylvania, South Dakota, Tennessee, Texas, Virginia, and Washington.

"I understand this type of incident can be disruptive and cause frustration. I apologize for any anxiety this may have caused our customers," said Tim Davis, president, The UPS Store. "As soon as we became aware of the potential malware intrusion, we deployed extensive resources to quickly address and eliminate this issue. Our customers can be assured that we have identified and fully contained the incident."

Dissecting the Malware

We caught up with Aviv Raff, CTO and chief researcher at advanced threat protection firm Seculert, to get his thoughts on the UPS breach. He told us this is another example -- just like the recent Community Health Systems breach that gave hackers access to 4.5 million patient records -- of how persistent attackers were able to successfully plant their attack tools.

“Enterprises are now coming to a conclusion that they are either already compromised, or will soon be,” Raff said. “It's not a matter of ‘if,’ it's a matter of ‘when.’”

Raff pointed out that UPS basically admitted that the attackers were in its systems, undetected, for four to eight months. That, he said, shows how necessary it is for enterprises to start using security tools that are able to detect attacks not just in real time but, more importantly, over time by analyzing historical and ongoing traffic logs.

We also turned to Tim Erlin, director of IT security and risk strategy at security firm Tripwire, to get his take on the latest breach. He told us the presence of malware on point-of-sale systems and infrastructure is a clear and present threat for any retail establishment.

“Given the ongoing disclosures in the news, there’s simply no excuse for not employing the tools and tactics available to ferret out this malicious software,” Erlin said. “It’s time that we, as an industry, force the attackers to change their tactics through a more effective defense.”

Ken Westin, a security analyst at Tripwire, told us this type of malware has been successfully used in some of the biggest retail credit card breaches the security industry has seen, like Target, Neiman Marcus, and PF Chang’s.

“This family of point-of-sale malware goes as far back as October 2013,” he said. “It relies on scraping unencrypted credit card data from the memory of infected devices, much like previously seen malware.”

Consistent Security Standards

Westin called the malware itself “sophisticated” but said the method of intrusion is not. Attackers use publicly available scanning tools to detect point-of-sale systems running remote desktop applications. Then, he said, they rely on application vulnerabilities or brute forcing to gain access to systems where they install the malware.

Finally, Dwayne Melancon, chief technology officer at Tripwire, told us the situation at UPS illustrates the challenges of managing security in a distributed, lightly managed environment.

“It is crucial that organizations adopt a consistent security standard, one they regularly assess to ensure their point-of-sales systems have not been compromised,” Melancon said. “The general trend toward continuous monitoring and standardized configurations, along with security configuration management, is a positive step. The challenge is implementing these controls quickly enough to make a difference.”
