Forbes reports that Kmart is the latest company to have been targeted for a cyber attack. Recent attacks have hit retail giants The Home Depot, Target, JPMorgan-Chase, Dairy Queen and Neiman Marcus.
“Based on the forensic investigation to date, no personal information, no debit card PIN numbers, no email addresses and no social security numbers were obtained by those criminally responsible. There is also no evidence that kmart.com customers were impacted. This data breach has been contained and the malware has been removed.”
However, they went on to say
“If customers see any sign of suspicious activity, they should immediately contact their card issuer and our customer care center at 888-488-5978.” So were customers impacted or not?
Kmart are now working with an IT Security firm to find out how the breach happened (on Oct 9 2014) and with law enforcement to catch the hackers.
Earlier this year, the DHS released an advisory regarding a malicious software package. “Backoff” has been used by hackers to affect point of sales systems of major retailers. The DHS also said that Backoff had infected over 1,000 businesses. It seems that the Kmart event may have been caused by a different version of the malware which their antivirus software couldn’t deal with.
Why Are Hackers So Successful?
A few years back, such attacks would have been far too expensive to contemplate. Now, it’s much easier and less expensive for them. The flip side is that it’s becoming more difficult and more expensive to keep protecting technology.
There Is Good News for Security
A company called Dispersive Technologies is applying security used in military communications and using it to protect the internet. Their innovative approach has made it much harder for even the most determined hacker to break through. The best part is that they have developed a way of keeping ahead of the hackers.
Many hackers employ ‘Man in the Middle’ (MiM) attacks. This is basically eavesdropping. The hacker makes a connection with the victims at each end and sends messages from one to the other, making them think they are talking over a private connection. However, the hacker is controlling the whole conversation. Robert Twitchell, CEO of Dispersive Networks says
“The man-in-the-middle attack is tough, and encryption is the key defense. The problem is that with today’s parallel processing power, all encryption is easy to crack.”
Prevention technologies for encryption based MiM, include Transport Layer Security (TLS) – which was previously called Secure Sockets Layer (SSL) – and Virtual Private Networks (VPNs) which are point to point. However, the digital world is now much more complex which now necessitates secure communications that are end to end and traffic may cross nodes which are become weaker points that MiM attacks love to target.
Jothy Rosenberg, Technical Director for research into cyber security at BAE Systems (defense contractors) says
“MiM attacks can be mounted just by figuring out the SSL or VPN termination point. You fix the whole thing with Dispersive by going end-to-end.”
Virtual Dispersive Networking (VDN)
This is Dispersive’s version of cyber security that was inspired by military radio spread-spectrum security . This is where radio frequencies are randomly rotated or communications traffic is split into many streams. Only the receiving radio is able to put them back together again. With VDN, the internet becomes the platform for communications.
Meets the Needs of the Military
With the ever present terrorist threat, Dispersive’s first customers are the Military and Government agencies. These organizations need multiple layers of current security. But that technology must increase security as time goes by to keep one step ahead of the hackers. Dispersive is able to offer both. They also encrypt component messages. Twitchell adds
“We put routing on servers, computers, even mobile phones.”
Organizations don’t need firewalls now as any device on the internet can be used as a “deflect” – Dispersive’s name for an impromptu device for routing.
Data “Roll” To Optimum Paths
This randomizes which paths the messages will follow as it avoids congestion or other problems that might be affecting the network. This gives potential hackers a lot more work.
Dispersive’s new approach will make MiM attacks much more difficult – which will deter hackers and give Dispersive even more time to just keep that one step ahead.