Security Central: Forever Breached

Written by Allison Francis
January 11, 2018

Forever 21 revealed that hackers breached their payment system several times in 2017, admitting encryption was turned off on some of their POS devices.

We’ve all done it. We’ve slunk into a Forever 21 store in our local mall, rifled through the endless, unorganized stacks of sequin-ed, flimsy clothing hoping to strike retail gold. We’ve rationalized buying that $6 shirt, justifying to ourselves that even if it falls apart tomorrow (which it absolutely will), it’s fine because we didn’t spend that much on it to begin with. Right?

Turns out, it may have cost some folks a lot more than that. The popular clothing retailer disclosed last week that hackers gained access to credit card information of customers who shopped on specific dates between 2004 and 2007.

The company hasn’t revealed the number of customers who had their information swiped (so to speak), but it did say that various point of sales (POS) terminals were affected between April 3 and November 18, 2017. The hackers didn’t mess around, collecting credit card numbers, expiration dates, verification codes and in some occasions, cardholder names.

How did this happen? Unfortunately, there’s a pretty simple answer – the company failed to turn on encryption in some of its POS terminals. Mind-blowing.

“With its endless POS endpoints, the retail industry has always been a desirable target for cybercriminals,” says Mark Cline, a VP at managed security services firm Netsurion. “They know that if they can introduce malware into POS networks, they can make a decent amount of cash by selling credit card numbers on the dark web. With their millions of customers, large retailers, like Forever 21, have typically been the hardest hit.” Yeah, especially if you don’t encrypt your POS systems…

Cline goes on to say that companies must pay up to $172 per stolen record in clean-up costs. A major retailer just paid $18.5 million to address the impact of its 2013 hack, which resulted in 41 million stolen credit cards.

Many companies still think anti-virus software and managed firewalls are enough. Perhaps it was that way years ago, but partners specializing in the retail world know that to properly protect a company from POS malware, ransomware and other threats, retail businesses must run a strong offense with active monitoring and threat detection. They must harden their IT and POS security.

Considering the threat landscape now, retailers need tools and the knowhow to harden their security stance and protect their infrastructure from POS malware and ransomware. As providers, you can offer a Security Operations Center (SOC), around-the-clock monitoring, evaluation, and response of all security alerts. You can also evaluate the universe of threats retailers face, triage, and escalate resources to deal with critical threats on an ongoing basis.

Here are a few good rules of thumb from Cline to pass along to customers:

Run a vulnerability scan, and update all operating system and software upgrades and patches immediately.
Set up a next-generation security system. Buy, build, or borrow the resources to stay ahead of threats and stop ransomware in its tracks with:

A next-generation firewall that includes rules you configure to control incoming and outgoing traffic. Manage it 24/7 to make it effective.
Use a Security Information and Event Management (SIEM) application to analyze all of your data, filtering out the ‘noise’ or false positives that can make it difficult to detect threat patterns and anomalies that indicate early-stage attacks. The SIEM will issue alerts, so that you can take immediate action when warranted.
Implement a Managed Detection and Response (MDR) system that will detect incoming and existing malware, whether it is located on a POS system, workstation, or network. Set it to automate immediate, direct remediation, which will help with some threats.

Forever 21 sent notification letters to the customers who were affected and contacted the three major credit reporting bureaus.