From the Data Breach Summary: A strange pattern of escalating payment card fraud prompted a cyber insurance carrier to begin investigating one of its own clients – an oil and gas company – which owned and operated a chain of retail service stations, referred to as "Dixie Boys Truck Stop" (DBTS). A thorough inspection of both network and terminal data yielded no evidence of an external attack. And, with no malware discovered and no proof of card skimming at the cash registers or fuel pumps, investigators quickly turned their attention to possible insiders. In an attempt to catch the bad guys in the act, investigators implemented keystroke loggers, file integrity monitoring, and playback recording of remote support sessions. Within a matter of days, the traps paid off and investigators were alerted to suspicious activity coming from DBTS' IT and POS support vendor. In the end, the investigation team's efforts uncovered that one of the support vendor's helpdesk staff was perpetrating the fraud. By modifying a configuration file, the perpetrator was able to capture clear text authorization requests from each fuel pump – including enough mag-stripe data to conduct fraudulent transactions – and all while using his boss' computer to cover his tracks.
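The summary above credits file integrity monitoring with surfacing the tampered configuration file. The following is an added example (not from the breach summary or from BeyondTrust) of the core of such a check: take a hashed baseline of a configuration directory, then compare the directory against it and report modified, added and removed files. The directory layout, file names and configuration keys are constructed for the demo and are assumptions, not anything from the DBTS environment.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def file_digest(path, chunk_size=65536):
    """SHA-256 of a file, read in chunks so large files do not load into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(chunk_size), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root):
    """Map every regular file under root (path relative to root) to its digest and size."""
    root = Path(root)
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            baseline[rel] = {"sha256": file_digest(p), "size": p.stat().st_size}
    return baseline


def compare_to_baseline(root, baseline):
    """Re-hash the tree and return which files changed, appeared, or disappeared."""
    current = build_baseline(root)
    modified = sorted(
        k for k in baseline
        if k in current and current[k]["sha256"] != baseline[k]["sha256"]
    )
    added = sorted(k for k in current if k not in baseline)
    removed = sorted(k for k in baseline if k not in current)
    return {"modified": modified, "added": added, "removed": removed}


def demo():
    """Constructed scenario: baseline a hypothetical POS config directory, then tamper with it.

    File names and config keys below are made up for the example.
    """
    with tempfile.TemporaryDirectory() as d:
        pos = Path(d) / "pos"
        pos.mkdir()
        cfg = pos / "pump.cfg"
        cfg.write_text("debug_trace=0\nhost=acquirer.example\n")  # constructed content
        (pos / "README.txt").write_text("constructed sample\n")

        baseline = build_baseline(d)  # what an operator would store out of band

        # Simulated unauthorized change: one setting flipped, one new file dropped.
        cfg.write_text("debug_trace=1\nhost=acquirer.example\n")
        (pos / "trace.log").write_text("")

        return compare_to_baseline(d, baseline)


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

In practice the baseline must be stored where the monitored hosts (and their support vendor) cannot rewrite it, and each change needs to be tied to a change ticket or an authorized session recording; a diff that nobody reviews is not monitoring.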
How an Orchestrated Cyber Defense can Minimize Risks Like This

To help prevent or minimize risks associated with similar attacks, BeyondTrust recommends an integrated security approach that includes BeyondTrust and third-party solutions. Technologies Integrated:
- Server Least Privilege
- Windows Least Privilege
- Vulnerability Management
- Password Management