‘Smoking Holes’ and the new age of retail cybersecurity
Following a recent series of data breaches targeting both large and medium-sized retailers, many retailers are investing in technology that will help encrypt credit card data at the point of sale. Although a meaningful way to reduce risk, endpoint encryption is not the silver bullet solution hoped for by many retailers.
We're witnessing a new type of cybersecurity incident we're calling "Smoking Hole Attacks." Smoking Hole Attacks are designed to destroy a company's whole IT infrastructure, leaving nothing behind, potentially putting the company out of business! These attacks will steal and erase data, knock critical IT services offline, and severely impact the victim organization's entire ability to operate.
Many in the security community have predicted widespread Smoking Hole Attacks targeting US companies — the digital equivalent of a Pearl Harbor-style event. Until now, most of the know-how to mount these sophisticated attacks was kept out of the hands of average hackers. The majority of Smoking Hole Attacks were in fact associated with "state sponsored" hackers, like the attack on oil company Saudi Aramco in 2012 that wiped the hard drives of over 30,000 computers. Most recently, Sony was on the receiving end of the biggest Smoking Hole Attack on record, with many blaming North Korea as the perpetrator.
Just how destructive was the recent Sony hack? Consider this:
• Just about every single piece of information within Sony's network is likely now compromised
• More than 47,000 Social Security numbers were included in the leak, in addition to thousands of emails, names, dates of birth and other pieces of personally-identifiable information
• The more damning pieces of evidence from the hack include racist emails from company execs, scripts for yet-to-be-released films, celebrity pseudonyms, petty emails from actors, vendor contracts and information about current court cases
• At least six class-action lawsuits have been filed against Sony thus far in the fallout from the breach
• In total the hack will probably cost Sony at least $100 million, although that number is likely to go up over time
Our research indicates destructive malware (called Wiper malware) used for Smoking Hole attacks is readily available for sale in underground hacker forums. Ransomware software also includes malware designed to wipe out files if a ransom is not paid by the victim. Although Ransomware malware has become more common, few companies have been crippled by it. The Smoking Hole attack at Sony served as a wakeup call, showing the industry how disruptive wiper malware can be to a company’s operations if hackers gain access to key systems. We expect Smoking Hole attacks to become more common and drive up the cost and impact of a cybersecurity response. We also expect Smoking Hole and Ransomware attacks to converge into one threat – one where the hacker will breach networks, infect systems and threaten to wipe servers, computers and POS devices and destroy it all if a ransom is not paid.
Encrypting data at the POS is an effective way to limit risk from a data breach. But POS encryption does little to protect an enterprise from Smoking Hole Attacks. A Smoking Hole attack will likely begin with one of three different scenarios:
1. Hackers gain access to your network by exploiting a vulnerability in one of your company's Internet-facing servers. Once the server is compromised, they may be able to gain access to other systems on your network.
2. Hackers send phishing messages to employees. An unsuspecting employee clicks on a malicious file or link and installs malware that is remotely controlled by the hackers. Hackers now have the ability to snoop for vulnerable servers inside your network.
3. A disgruntled IT employee decides to use trusted systems access to plant destructive malware.
Initial indications show Smoking Hole attacks require time inside your network to map it out, gain access to servers and steal passwords. Evidence indicates that reconnaissance can last weeks or months. For maximum effect, hackers often create malware designed to synchronize a destructive action, such as wiping all hard drive data, to a single date and time. The cumulative effect can easily overwhelm an entire company in minutes. Email, files and even entire databases are copied, moved off the network, then erased. The techniques to restore these systems from backup are incredibly inefficient, often ad hoc and, in the worst cases, unmanageable.
For retailers who don't have the skills and technology to detect and prevent a Smoking Hole Attack, the best defense is to plan for the worst contingency and have a way to restore critical systems. Your best bet is to implement strong detective controls that offer defensive capabilities to deter attacks and identify suspicious activity on your network before it leads to a Smoking Hole.
Professional service assessments can help identify vulnerable infrastructure where hackers can gain a foothold. Advanced security monitoring detection techniques can help detect reconnaissance activities before they get too far. Security monitoring can also detect suspicious activity from a malicious insider who is logging into systems and planting malware across an entire network. Advanced malware detection can help identify the destructive malware before it wipes your company's systems.
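One way the monitoring described above can surface an account that is logging into systems across the network: flag any account that successfully authenticates to an unusually large number of distinct hosts within a short window. This is an added example, not part of the original article; the log format, account names, host names and thresholds are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample authentication events: "timestamp account host result".
SAMPLE_LOG = """\
2015-03-02T08:58:41 jsmith hq-mail-01 success
2015-03-02T10:05:00 opsadmin store-014-pos success
2015-03-02T12:40:00 opsadmin store-022-pos success
2015-03-02T15:10:00 opsadmin hq-db-01 success
2015-03-02T17:30:00 opsadmin hq-file-02 success
2015-03-02T19:45:00 opsadmin hq-mail-01 success
2015-03-03T02:13:05 itadmin7 hq-file-02 success
2015-03-03T02:13:40 itadmin7 hq-db-01 success
2015-03-03T02:14:02 itadmin7 hq-mail-01 failure
2015-03-03T02:14:09 itadmin7 hq-mail-01 success
2015-03-03T02:15:30 itadmin7 store-014-pos success
2015-03-03T02:16:12 itadmin7 store-022-pos success
2015-03-03T02:17:48 itadmin7 store-031-pos success
"""

WINDOW = timedelta(minutes=10)  # assumed look-back window
MAX_HOSTS = 4                   # assumed per-account baseline

def parse(log_text):
    """Return time-ordered (time, account, host) tuples for successful logins."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[3] != "success":
            continue  # skip malformed lines and failed attempts
        events.append((datetime.fromisoformat(parts[0]), parts[1], parts[2]))
    return sorted(events)

def fan_out_alerts(events, window=WINDOW, max_hosts=MAX_HOSTS):
    """Map each offending account to (time threshold was crossed, hosts seen)."""
    recent = defaultdict(list)  # account -> [(time, host)] still inside window
    alerts = {}
    for ts, account, host in events:
        kept = [(t, h) for t, h in recent[account] if ts - t <= window]
        kept.append((ts, host))
        recent[account] = kept
        hosts = {h for _, h in kept}
        if len(hosts) > max_hosts and account not in alerts:
            alerts[account] = (ts, sorted(hosts))
    return alerts

if __name__ == "__main__":
    for account, (when, hosts) in fan_out_alerts(parse(SAMPLE_LOG)).items():
        print(f"{when.isoformat()} {account} reached {len(hosts)} hosts: {hosts}")
```

In the sample, `opsadmin` touches five hosts over a working day and is not flagged, while `itadmin7` reaches five hosts in about three minutes overnight and is.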
How Smoking Hole Attacks Will Evolve
The techniques to perform a Smoking Hole attack are already well-known throughout the hacker community. It will not be long before criminals begin to perform these attacks and demand ransom from victims, similar to CryptoLocker. Monetizing these attacks will give criminals another source of revenue besides data theft. Many are already gaining unfettered access to company networks to steal data, and it would not be very difficult to begin to plant destructive malware and demand ransom from a victim in return.
Like all IT threats today and in the future, there are no silver bullet style solutions to protect yourself against these attacks. Security solutions that mitigate risk across the entire IT and network ecosystem (server, desktop/laptop and network) are required. Proactive threat identification, remediation and monitoring are key to limiting risk from Smoking Hole Attacks.
Pete Chronis is chief security officer at EarthLink, a leading provider of managed network, security and cloud solutions.
Dollar General CFO goes out on top
David Tehle, executive vice president and CFO at Dollar General, will retire from the company effective July 1. The retailer has started a search for a successor and will consider both internal and external candidates for the job.
The news comes as Dollar General prepares the retail industry’s most aggressive new store expansion plan.
Dollar General chairman and CEO Rick Dreiling said the company will add to its 2014 year-end store total of 11,789 units in 2015 by opening 730 new stores and remodeling 875 others. The new store expansion target equates to square footage growth of about 6%, which Dreiling indicated will further increase to 7% square footage growth in 2016. The company did not provide a specific 2016 new store or remodeling target, but a few simple calculations based on the company's average store size and 2014 year-end square footage total indicate the company is poised to open more than 800 units annually.
“In 2014, momentum built in our business as we moved through the year, marking our twenty-fifth year of consecutive same-store sales growth. We are pleased with our fourth quarter results which reflect accelerating same-store sales and we intend to capitalize on that momentum as we move into 2015,” Dreiling said. “As we look ahead, we have exciting operating plans that build on our competitive strengths. For 2015, we are forecasting a year of strong growth including a total sales increase of 8% to 9%, same store sales growth of 3% to 3.5% and EPS growth of 10% to 13% over 2014 adjusted EPS. Given our strong return profile for new stores, we plan to accelerate our new store openings to approximately 7% square footage growth in 2016.”
The growth acceleration comes in the wake of Dollar General's failed attempt to acquire Family Dollar after Dollar Tree reached a merger agreement with Family Dollar. If pursuit of Family Dollar was a distraction to management, it wasn't evident in the company's fourth quarter performance. Net sales increased 9.9% to $4.94 billion and the 4.9% same-store sales increase was the result of increases in customer traffic and average transaction size.
The growth was driven by strength across all categories with the strongest growth coming from candy and snacks, tobacco, perishables and health care, according to the company. Profits increased to $355 million, or $1.17 a share, compared to $322 million, or $1.01 a share the prior year, and would have been about two cents a share higher had the West coast port slowdown not delayed the receipt of some higher margin products.
For the full year, sales increased 8% to $18.9 billion and same store sales increased 2.8%. Net income increased to $1.065 billion, or $3.49 a share, compared to $1.025 billion, or $3.17 a share.
Buckle buttons down solid Q4
Kearney, Neb. – The Buckle Inc. reported a slight year-over-year rise in net income as part of a generally successful fourth quarter of fiscal 2014. Net income increased 1% to $60.13 million, from $59.3 million.
Sales climbed 4% to $353.54 million from $339 million. Same-store sales rose 1.1%, while online sales (which Buckle does not include in same-store sales) grew a more impressive 12.6% to $33 million.
For the full fiscal year, net income remained flat at $162.6 million. Net sales increased 2% to $1.15 billion from $1.13 billion the previous fiscal year. Same-store sales were flat, while online sales increased 6% to $94.3 million.