Go to:

March 2019
< Feb Apr >
Leaguer Email Subscription

You are not currently subscribed. Click Subscribe below to receive the Leaguer email.

FS-ISAC Advisory Warns Merchants of Remote Access Attacks
Monday, July 13, 2015 6:35 AM

A new Financial Services Information Sharing and Analysis Center (FS-ISAC) advisory discusses the security of merchant card payment systems at risk of remote access attacks. The advisory was prepared in collaboration with the Retail Cyber Intelligence Sharing Center and the U.S. Secret Service with the support of Visa, Inc.

The advisory says that many retailers purchase a card payment processing system customized to their industry. The providers of these systems have methods to remotely access these systems to provide support and updates. Those systems have been successfully exploited in the past, leading to the need for a multifactor authentication for remote access; but too often this added layer of security is not configured in remote access platforms, making it a common target in past data breaches.

The advisory lays out recommendations to help mitigate risk and limit the success of attacks and their impacts, including:

  • Require corporate users who typically access a network to change login credentials periodically, including the use of complex passwords. Group accounts and passwords should never be used;
  • Set user accounts to automatically disable if unused, typically after 90 days of inactivity. Administrator accounts could automatically disable in a shorter amount of time;
  • Monitor remote user account for login abnormalities such as frequent failed login attempts, or very long or short login sessions;
  • Disable unnecessary services that support remote access when not required; and
  • Segregate the payment processing systems from remote access applications when possible.