A few days ago, Trey Ford wrote up a fantastic blog post, called "Anatomy of Retail Credit Card Breaches," detailing the motivations, tactics, and even the behavior profile of an example retail credit card breach. Certainly no two credit card breaches are ever alike, and each attacker brings their own strategies and unique tactics to the attack chain, but as (unfortunately) we've seen a number of retail credit card breaches in the past months and years, we've also noticed a pattern in how these attacks can occur.
Based on this knowledge, we've created an infographic detailing a sample retail credit card breach attack chain, starting from an attacker's initial entry to a network all the way to data exfiltration and fraudulent activities. In this infographic, we also give some pointers on how to stop an attack in its tracks at each of the major steps of the attack chain. This infographic is to the right, and we call it: "The Credit Card Criminal's Playbook: A Retail Data Breach Attack Chain."
I promise our lawyers are not making me say this, but I do need to disclaim here that the attack chain we're dissecting here is not specific to any recent breach and also is definitely not inclusive of all possible attack vectors. It does, however, walk through some of the most common methods we've seen of late—and we hope it can help spur conversation about your current security processes and policies, and any gaps that might be present.
I'd love to hear if you found this infographic useful. Was it something you shared with another team? Let me know in a comment below.
- Maria (@mvarmazis), your friendly neighborhood Community Manager