The cybercriminal group tied to numerous payment card breaches, including Goodwill, and best known for its so-called “RawPOS” malware, employed legitimate user credentials to access its targets’ networks. No 0days. No spearphishing. Tim Erlin, director of security and product management at Tripwire, has the following comments on it.
Tim Erlin, Director of Security and Product Management at Tripwire:
“Using legitimate credentials is a good way to avoid getting caught. When these third-party providers are breached, it’s not their names that end up in the headlines, but the major brands affected instead.
Point-of-sale system security is a challenge for many retailers because criminals have dedicated significant resources to compromising them. Watching the network for malware simply isn’t enough. When attackers are impersonating legitimate users, organizations need to monitor all aspects of the system, from the network to each and every endpoint.”
[su_box title=”About Tripwire” style=”noise” box_color=”#336588″]