Yesterday, online giant Target disclosed that approximately 40 million of their customers could be impacted by a breach. The stolen data is reported to include customer names, credit and debit card numbers, card expiration dates and the three-digit security codes located on the backs of cards. This seems like a huge breach involving a large number of users; is it the worst breach ever? No. But bad timing indeed for holiday shoppers. Historically, the holiday season is the feasting time for scamsters and attackers, as the likelihood of exploiting unsuspecting buyers is much better.
To confirm that this is indeed bad news, today stellar investigative reporter Brian Krebs mentioned that the stolen credit cards are already in the underground market. This clearly puts users in a quandary.
So this is Target’s fault? They probably have some blame to share – no doubt. Details of the exact cause are not yet public. However, the bigger problem is – we all know that this is likely to happen again as it has in the past.
The seasonal attacks rang a bell, and I took a quick look at the last few zero days during the holiday season; the numbers are indeed startling. In the past 9 years, at least one zero-day vulnerability in the wild has been acknowledged by Microsoft AFTER it compromised several people. Not surprisingly, most of these are exploitable via the browser or documents.
Is this all a coincidence? Many would agree that it isn’t. It’s likely that attackers stash up zero days and launch them during the holiday season. Simply put – when attackers launch attacks, they’re well aware that they’re playing a game of odds. Releasing an unknown vulnerability at the peak holiday season just increases their chances.
So what’s the cure? Surely you could go and pay only cash. In fact, you’re even more secure if you just shut down the internet altogether at home (you’d still be vulnerable to physical attacks though). However, if you’re reading this blog, then it’s most likely that this is not a viable option. Today we need to fight against these odds and yes, each one of us is THE Target.
Unfortunately, in the world of digital online security today – offense is easier than defense and the odds are against each of us. Our mission @bromium is to change those odds – significantly.
Have a great holiday season and stay safe!