A recent feature in the Sacramento Bee examines the rise in cyberattacks against smaller businesses and a shift noted by security firms in attack vectors, targets, and modi operandi. The article also indicated cybercrooks’ goals are often the harvesting of credit and debit card information they can sell online. The article referenced the breach of Raley’s supermarkets, a chain in Northern California, that was announced earlier this month.
From the article:
It’s part of a shift from mass attacks by computer viruses, worms and other cyberthreats to more pinpointed, targeted infiltrations, say online security experts. The attackers, often located overseas, “find this method more effective because it allows them to fly under the radar and avoid drawing widespread attention to their malware,” Brian Burch, vice president of consumer and small business marketing at Symantec, said in an e-mail.
In Raley’s case, the grocery chain announced June 6 that it was notified by a major credit card company about “questionable activity” connected to its computer network. After that announcement, a number of Raley’s shoppers reported that their bank or credit union had alerted them to fraudulent charges on their credit cards.
In 2012, computer security experts identified a new type of widespread targeting, known as a “watering-hole” attack. In that scenario, cybercriminals seek to electronically invade a group or organization by noting the kind of websites the intended victim frequently visits. When a weakness is detected in one of those sites, it’s injected with malware or spyware, which then infects the entire group.
According to Symantec, one watering-hole attack last year infected 500 organizations in a single day.
Click here to read more from the Sacramento Bee.