2010 was a year of varied security trends, with TrustWave’s head of SpiderLabs, Marc Bown, saying that e-commerce, ATMs and unprepared merchants are at the centre of attacks.
At the AusCERT conference on the Gold Coast, Bown outlined findings from the security firm's global security report, describing five major trends from the local region.
Australia is unique
Rather than taking a whole world perspective on security breaches, Bown said that the local region has experienced a variety of different attacks dissimilar to security threats in the United States.
“There are significant differences between the types of compromises that happen in Australia compared to the US,” Bown said. “[Bank] cards in Australia are chip-enabled and that is normally harder for hackers to make a counterfeit card.”
E-commerce makes for an easy target
“Last year the majority of targets were e-commerce,” Bown said. “This relates to the fact that having a copy of the magnetic strip off a credit card won't be enough to create a fake card.”
Merchants are unprepared for attacks
“Another interesting trend we’re tracking is who is responsible for the system that is compromised? It’s often an outsourced system rather than a merchant's,” Bown said.
“We need to be aware of who our service providers are and make sure that they are doing what they say they are doing.”
Eastern Europe is the malware hot spot
“The next thing to talk about is where these attacks are coming from, and largely they are coming from Eastern Europe.
“We know from our work with the US Secret Service that these IP addresses are not genuine ones.”
ATMs are the next target
“ATMs are a desirable [target] - its a box full of money - it’s easier [for hackers] to get caught, but they’ve developed ways where those undertaking the attacks don’t have to be there to steal any money,” he said.
“The attacks take either malware forms or they’re network based where the attackers are logging onto the ATM - we need to dig deeper and understand that an ATM isn’t necessarily secure.”
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.