Earl Enterprises, which manages popular restaurant brands including Buca di Beppo, Planet Hollywood, Earl of Sandwich, Chicken Guy!, Mixology, and Tequila Taqueria, announced that nearly 100 restaurant locations around the United States may have exposed customer payment card data over a 10-month period from May 2018 to March 2019.
In a data breach notice posted on its website, Earl Enterprises confirmed that malware was installed on some point of sale systems at certain affected restaurant locations. The malware was designed to capture payment card data, including credit and debit card numbers, expiration dates, and cardholder names. Online orders paid for online through third-party apps or platforms were not affected by this breach. Per the company, the incident has been contained and is being investigated.
Earl Enterprises has yet to confirm the size, but independent security researchers reported over 2 million stolen cards are now for sale on the dark web on the dark web, seemingly as a result of this breach.
What does this mean?
While cardholders are generally not liable for fraudulent charges, it is important to monitor your credit and debit card accounts for suspicious charges and report fraudulent activity to your bank in a timely fashion.
Originally seen: December 2017 on Tech Target
Cloud environments are no less susceptible to ransomware than other environments. However, they have properties that can make response and preparedness different. For example, they might employ different notification and communications channels, they might involve different personnel, and there may be a different control set in use. It can behoove organizations to think through ransomware in the cloud the same way they prepare for ransomware for internal systems and applications.
Ransomware in the cloud
Using an infrastructure as a service (IaaS) platform gives the cloud customer more visibility into the underlying OS than other cloud models, but this, in turn, means that issues, like patching — particularly in the case of legacy or special purpose systems — are just as complex as in other environments, and therefore may take longer than one might like.
The issue is that an IaaS environment might be susceptible to ransomware. What is different with IaaS, though, is how the organization discovers the ransomware, how it responds and how it protects against the threat. As a practical matter, different personnel are often responsible for direct oversight of IaaS workloads compared to other technology.
For example, cloud is conducive to shadow IT. It can be hard for enterprise security teams to identify and manage shadow cloud applications used by employees and lines of business across an organization. Will a development team, business team or other non-IT organization plan for — and be ready to remediate — ransomware in the cloud to the same extent as the technology organization?
Even if shadow IT isn’t a factor for an organization, initial notification of a ransomware event might come through a different channel than expected. For example, notifications could come from a relationship manager for larger deployments; a defined escalation channel with the service provider, which might be a business team; or through a provider-maintained service portal.
Also, keep in mind that both the resolution and implementation of specific countermeasures might need to be done through different channels. As an example, if a key activity in response to a rapidly proliferating ransomware, like WannaCry, is to proactively patch, the manner in which you affect this might vary for the cloud — an enterprise might need to schedule a maintenance window with its provider, for instance.
Aside from IaaS, other cloud models can be impacted, as well. Even SaaS isn’t immune — consider storage such as Dropbox, Google Drive, etc. Typically, these services work by syncing local files to the cloud; for a small organization, this might constitute its primary storage, backup or data sharing mechanism. What happens when the local files are encrypted, deleted, overwritten with garbage or otherwise compromised by ransomware? Those changes will be synced to the cloud.
Mitigation strategies for cloud ransomware
What can organizations do to prepare for ransomware in a cloud environment? There are a few things that can make response significantly easier. Probably the most effective thing organizations can do — for both cloud environments and for any other environment — is to specifically exercise response and escalation procedures.
For example, a tabletop exercise can be very helpful in this regard. A tabletop exercise defuses the primary question: will you pay the ransom? Invariably, someone will suggest paying it regardless of law enforcement and others arguing against it — discussing this specifically ahead of time helps clarify pros and cons when adrenaline levels aren’t off the charts.
Secondly, working through alert and response scenarios ahead of time means you get answers to key questions: how will you be notified of an event? Who will be notified, and what notification pathways correspond to specific cloud relationships? Also, what is required to take responsive action in each of those channels?
It’s also a useful idea to undertake a systematic risk assessment specifically for ransomware. You might, for example, look at backup and response processes to ensure that, should data be specifically targeted by ransomware that seeks to render it inaccessible, the organization has thought through protection and recovery strategies at the technical level.
For an IaaS relationship, think through and test backup and response services that service providers might offer, technical controls that they offer and the countermeasures the organization already employs. This level of risk analysis is probably already done for the enterprise as a whole, but you should take measures to specifically extend that to cloud relationships. This can be somewhat time-consuming for organizations that have numerous service provider relationships in place, but this effort can be folded into a broader activity that has value beyond just ransomware — for example, malware mitigation more generally, data gathering about cloud relationships, threat modeling, cloud governance or other activities that involve the systematic analysis of cloud relationships.
The arguably harder situation in the event of ransomware in the cloud is the intersection of SaaS and smaller organizations — specifically, the possibility of corruption of cloud storage through synchronization of ransomware-impacted files to a remote storage repository. Specific measures to prevent this are available, such as keeping a manually synced or time-initiated mirror of data at another repository, assuming that the volume in question isn’t such that this is prohibitively expensive.
Alternatively, backup solutions that keep prior iterations of data can provide a means of recovery even if the primary storage location is compromised. Regardless of what method an organization employs, though, the most important thing is to think through it in advance and view protection measures critically.
Chime in and let us know what you are doing to stay proactive.
ITG remains committed to their clients day in and day out. Whenever you need someone, you know who to call. Mike and the ITG team care so much about the clients that they want to spread the word. Although it may be strange if Mike stood on a rooftop yelling about all the ways they can help someone, we figured the clients could tell you best. We recently interviewed Linda from NYACP, New York Chapter American College of Physicians, to get her take on ITG and to find out more about what she does!
NYACP is a not-for-profit professional service organization providing education, advocacy and quality improvement/practice management for 12,000 internal medicine physicians in New York state. Linda loves that her work focuses on improving healthcare and helping members achieve success in the ever-changing practice environment.
In a world of such uncertainty and change, wouldn’t you want to feel that passion? Every business will suffer from technological issues, updates and threats to operations by viruses and other intrusions. Lucky for Linda, her limited IT experience was in hiring the right consultant. She has better peace of mind within the company since working with ITG. She has been able to learn more about technology as her business grew and came to better understand the impact of technology and interoperability. This allows her to feel more comfortable with her entire IT infrastructure allowing her to focus more on management and operations.
She was first introduced to ITG by word of mouth from colleagues. After interviewing others and assessing the best choice, Linda chose ITG because of their experience and local reach. She has not been disappointed, and its been years working together! When asked what the process is like to work with ITG she said: “They are a sound, reliable partner, they respond to our needs expeditiously and completely.” She considers the ability to ask questions and get “helpful, meaningful information in easy to understand language (and Diagrams!!!)” to be the best value for a busy executive.
Did you Know……….
- Her favorite part of working with ITG is “the staff, the reliability of their recommendations and their service”!
- There are laws and regulations in place that require companies to take measures to prevent data breaches and other attacks.
You too can have the peace of mind in your day to day life by partnering with a company that cares about your business, answers questions and immediately responds to concerns. Reach out to ITG today and speak with the team about how they can help!
Article By: Rob Shapland of First Base Technologies LLP
The Cloud Security Alliance recently released its 2017 report on “The Treacherous 12,” a detailed list of the most significant cloud security threats. The list was compiled by surveying industry experts and combining the results with risk analysis to determine the threats that are most prevalent to organizations storing data in the cloud.
An interesting observation is how similar cloud security threats are to the risks of storing data anywhere else. The data in the cloud is still stored in a data center, and it can still be accessed by hackers via many of the same methods they have always used, such as email phishing, weak passwords and a lack of multifactor authentication.
There seems to be a general opinion among many organizations that storing your data in the cloud — specifically in infrastructure as a service — outsources the security completely, with an almost out of sight, out of mind attitude. However, as cloud service providers will point out, there is a shared responsibility model that means although the cloud provider may be in charge of the underlying infrastructure, your organization is responsible for the security of the applications and data that reside on that hardware.
The top cloud security threats
The key cloud security threats worth highlighting from “The Treacherous 12” report are the insider threat, the risk of data loss and insufficient due diligence. They demonstrate the casual attitude many organizations have about the use and management of cloud services.
There are many cases where organizations use cloud services as a way of bypassing what is seen as an overly restrictive IT department, whereas, in reality, the IT team is trying to protect the data. By bypassing the IT team and signing up for cloud services without their consent, the business can think it’s becoming more agile in its approach, but, in reality, it is circumventing restrictions that were designed to reduce the risk of a data breach.
There are many different SaaS providers offering tools and services to organizations with slick marketing and promises of positive ROI. However, the due diligence that is done on these services is lacking, which may be surprising.
For example, if your organization outsources its HR data to a small SaaS company, performing security due diligence on it should be a key prerequisite. That company may spend only a fraction of what your organization spends on security, and it may be a very attractive target for hackers because of the data it stores. Your organization’s data may be far more likely to be stolen through that third party.
You also may be reliant on that organization’s backups to prevent data loss; storing critical data on another company’s network leaves your organization at even greater risk. There is also the added risk of insider attacks; the employees of the SaaS company have not been through your vetting procedures, and its processes for monitoring staff may not be as robust as yours.
Overall, the Cloud Security Alliance’s report successfully highlights the key cloud security threats and just how similar those risks are to storing data anywhere else. It provides a timely reminder to ensure that enterprises treat the data they store in the cloud with the same care and attention that it would if it were storing it on premises.
Are you convinced yet? Our MSS services are a proactive and detective service to reduce security risks. Call us today to find out how we can help prevent the inevitable 518-479-3881.