Incident Response & Forensics

If you are reading this page, it may be because you are actively experiencing a security incident.

Arsenal's forensic team members have been responding to breaches since 2005. Our team is experienced, professional and discreet. We are experienced in responding to:


While each incident is different, the roles are often the same. Arsenal is equipped to interface with management and general counsel as well as IT. If needed, Arsenal can perform the IT functions in parallel with your IT group when they are overburdened or involved in the incident.

Organized and Foreign Attacks

Not a moment goes by that a successful company or organization isn't attacked. Whether for political reasons or monetary gain, the attacking groups have resources, money, and time that can literally exhaust your organization.


Arsenal deals with organized foreign attacks every day for companies large and small. We have the manpower, the ingenuity, and the discretion to help you make the right decisions regarding the situation your company is in. This may involve:

  • Stopping attacks on your infrastructure
  • Analyzing the attackers' custom malware to understand what they are targeting
  • Pattern Blocking - Arsenal has been analyzing foreign entities' attacks since 2006. With this knowledge we can help you create a perimeter around all of your company's remote locations as well as headquarters.
  • Discretion - Arsenal can work seamlessly with your IT team or even quietly behind them. We believe that your company's secrets should stay in the hands of only those with a need to know. We can even coach your incident team on best practices of incident discretion.

Don't think your incident is too sensitive to ask for help. Time is not on your side when the attackers have more resources than you. Call Arsenal 24x7 if you have an incident you would like assistance with.


Hotline: 800-274-5208


PII and PHI

Personally Identifiable Information (PII), as used in information security, is information that can be used to uniquely identify, contact, or locate a single person or can be used with other sources to uniquely identify a single individual. The abbreviation PII is widely accepted, but the phrase it abbreviates has four common variants based on personal, personally, identifiable, and identifying. Not all are equivalent, and for legal purposes the effective definitions vary depending on the jurisdiction and the purposes for which the term is being used.

If your company processes or stores PII or Protected Health Information (PHI), there are many regulations you must comply with. If you suspect your data has been compromised, contact Arsenal immediately. Our response team can help you triage the incident and help you keep your data secure.


Employee Misconduct

Employee Surveillance

As management, you may be in a situation where you cannot 'trust' your own IT staff to monitor another employee. Let Arsenal be the solution. We have the tools and know-how to discreetly monitor your employees' actions. This may involve:

  • Employees' internet usage and behavior.
  • Is someone reading someone else's email?
  • What is being sent via email and web-based email?
  • What files and applications are being accessed?
  • What is being copied to a USB thumb drive?


Trying to do this with internal resources can be time consuming and can impact morale amongst the team. If this involves an IT person directly, you may feel 'trapped' within the situation. Arsenal's methods are not easily detected by even the most advanced employee. Call us today to discuss your options.

Employee Misconduct

We live in a digital age, so it is expected that most employee misconduct is going to involve a computer. If you suspect an employee of performing acts against company policy (or breaking the law), you should call Arsenal for assistance.

Disgruntled Employee

Regardless of the reason, a disgruntled employee can cause untraceable damage to your systems and/or your reputation. In recent cases Arsenal has helped clients stop employees (and terminated employees) from:

  • Reading others' email and sending forged email for personal gain.
  • Deleting files from servers.
  • Emailing company secrets to outside organizations.
  • Intentionally shutting down servers and systems to disrupt business.

What to do When your Business is Compromised

Learning that your computer systems may have been breached can be overwhelming. This guide is meant to help if you have been required to perform an investigation, or if you have detected a breach of your own systems.

What this means

WHY DID THE BANK CALL?
Your bank has noticed a large amount of fraud that correlates to your business’ card processing. This is called a Common Point of Purchase (CPP). Your bank has likely been contacted by one of the card brands (Visa, MasterCard, American Express, Discover or JCB).
HOW DID THIS HAPPEN?

While each Account Data Compromise (ADC) is different, statistics show that over 80% of all cases involve the Back of House Server for your card processing. This is likely a computer in your office running a version of Microsoft Windows.
WHAT NEEDS TO HAPPEN NEXT?

A Forensic Company certified by the PCI Council needs to be selected to start the investigation right away. The card brands, your bank, and you all have something in common. No one wants to see customers suffer from fraud or be concerned about where they make purchases. Conducting this investigation quickly helps preserve evidence of the attack and may:
  • Reduce fraud found by customers and their issuing banks.
  • Influence any fines demanded by your bank or the Card Brands.
  • Help officials track and identify the attacker.
1.  RIGHT NOW – REDUCE CHANGES
Until the on-site investigation begins, you should do everything you can to reduce changes to your system. While your business needs to function:
  • Don’t reboot your systems.
  • Don’t allow your tech support to dial-in remotely or make "fixes".
  • Keep a short diary of dates and times of any unusual or suspicious activities.
2.  UNDERSTAND THE RELATIONSHIP WITH YOUR BANK AND THE CARD BRANDS
The Card brands only have a direct relationship with your bank, not with your business. Any communication or potential fines will usually come via your processing bank as they have the relationship with you.
3.  LIMIT CONNECTIONS WITH YOUR POS RESELLER OR INTEGRATOR
Your POS reseller or integrator likely has other customers in your area that are experiencing a breach. Because of this, your best interest may not be the same as theirs. They may want to "clean-up and patch" your system to reduce their liability. You should limit or remove their ability to connect to your systems until after your on-site investigation.
4.  SELECT A FORENSIC INVESTIGATOR FIRM
A PFI is a Forensic Investigator approved by the PCI (Payment Card Industry) Council to perform forensic investigations. This short list helps promote objectivity, but reduces cost. All the card brands will accept the PFI’s investigative work as their own.
You should select a PFI that has extensive experience and can respond quickly since time is of the essence.
What attackers are looking for…
There are many different POS systems, and many different pieces of Card Holder Data. The most "lucrative" is the information in the magnetic stripe on the back of the card. This is referred to as TRACK data and is usually the target of the attacker.
A compliant POS system should not store TRACK data, but attackers will use "malware and sniffers" to capture track data from your system as it is processed. In most cases, these tools are transparent and you won't even notice them on your system.

We understand this is new to you… Fortunately, it is not new to us.

Arsenal has been a certified PFI since 2006, and its experience of over 400 cases is a great asset. We can help you understand WHY your bank is asking things of you, and WHAT your integrator may have done wrong. We pride ourselves on being able to advise you throughout this process, using non-technical, plain-English explanations.
Call Arsenal's Forensic Hotline at 800-274-5208
Incident Response & Forensics Contact

Contact Us

Phone: (703) 245-3057

Phone (UK): +44 203 286 7219

Our Clients

Arsenal helped 2Checkout.com streamline our PCI Level 1 initiative, which enabled our compliance goals on an aggressive schedule. Their expertise provided valuable insight for successfully achieving compliance.

- 2Checkout.com
