
Hacker Tracker: Sabre Investigating Breach, Card Testing On The Rise

It’s been a big week in the broader cybersecurity realm, starting with a data breach of Sabre Corporation’s hospitality unit.

In the travel technology company’s Q1 earnings filing, Sabre wrote that they are “investigating an incident involving unauthorized access to payment information contained in a subset of hotel reservations processed through the Sabre Hospitality Solutions SynXis Central Reservation system.”

The unauthorized access has been shut off, Sabre said. As of now, there is reportedly no evidence of continued unauthorized activity.

Aside from the obvious, the reason this breach is disconcerting to security experts is the way in which a single breach of Sabre’s system could have worked to allow cybercriminals access to a much broader attack surface.

To begin, some 32,000 properties use the travel tech company’s reservation system. In penetrating a single system, attackers could gain access to tens of thousands of additional targets.

But that’s not all. The compromised Sabre system reports offering seamless connectivity to over 120 property management, 7 revenue management, 7 CRM and 18 content management solutions according to the company’s website.

Jeff Hill, Director of Product Management at third-party risk management solutions provider Prevalent, Inc., explained: “Application interconnectivity enables myriad benefits that consumers of enterprise software take for granted, but it also gives cybercriminals multiple pathways with which to exploit a single breach.”

Hill went on to state that tightly-linked data supply chains are simply a reality of modern business. More than ever, managing risk factors across third- and fourth-party vendors and the entire chain is important to an organization’s security.

The news of the Sabre breach investigation comes just a few days after omnichannel tech and operations company Radial released some alarming new fraud insights from the retail space which should work to further fan the fire beneath cybersecurity and authentication initiatives for businesses operating online.

Radial found that overall fraud in the eCommerce space grew 30 percent year over year in Q1 of 2017. The greatest growth in fraudulent purchases was seen in electronics, entertainment, jewelry and sporting goods.

“I strongly urge retailers to strengthen their protections when it comes to fraud. Fraudsters are getting more determined, and they are no longer deterred by a measured anti-fraud response,” said Michael Graff, Radial’s Risk Analytics Manager.

The growth in digital payment fraud comes as activity has moved away from card-present transactions in an ecosystem protected by EMV authentication standards.

Radial found a 200 percent rise in Q1 of credit card testing—when stolen payment card credentials are ‘tested’ with small, innocuous buys before cybercrooks move on to larger fraudulent purchases.

“Regular risk and compliance assessments are not enough for today’s clever fraudsters,” Graff said. “Active fraud management solutions are required to both fend off the threat and protect a good sale.”

Of course, for retailers, combating fraud is more complicated than just beefing up cybersecurity protections. The consumer experience matters — from entering the home page through to making payments. Introducing greater security and authentication measures has often been viewed as introducing friction in the buyer journey.

This is an ongoing struggle for online retailers — though a swath of stronger authentication measures that run on the back end will likely be part of the solution strategy many retailers adopt in the coming years.

Likewise, Graff shared the two key components to a strong credit card testing detection strategy. The first is to have sensors or monitoring to recognize card testing taking place in real time. If this form of fraudulent activity is found only weeks later or during an audit, the damage has already been done.

Second, Graff said retailers “need to have proactive ways of restricting the activity. Your system should be configurable to recognize common data points as velocity attacks, or at the very least allow a manual response where the use of this data can be restricted.”
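The two components Graff describes, real-time recognition and restriction on shared data points, can be sketched as a sliding-window velocity check. This is an added example, not Radial's system or code from the article; the field names, thresholds and sample transactions are all assumptions constructed for illustration.

```python
from collections import defaultdict, deque

WINDOW_S = 600          # assumed sliding window (seconds)
MAX_CARDS = 3           # assumed max distinct cards per data point per window
SMALL_AMOUNT = 5.00     # assumed ceiling for a low-value "test" purchase
KEYS = ("ip", "email")  # shared data points tracked for velocity

def detect_card_testing(events):
    """Scan time-ordered payment attempts; return (alerts, blocked data points)."""
    recent = defaultdict(deque)  # (field, value) -> deque of (ts, card token)
    blocked, alerts = set(), []
    for ev in events:
        keys = [(k, ev[k]) for k in KEYS]
        # Restriction: refuse any attempt from an already-flagged data point.
        hit = next((k for k in keys if k in blocked), None)
        if hit:
            alerts.append((ev["ts"], "rejected", hit))
            continue
        if ev["amount"] > SMALL_AMOUNT:
            continue  # only low-value attempts count toward the testing pattern
        for key in keys:
            q = recent[key]
            q.append((ev["ts"], ev["card"]))
            while ev["ts"] - q[0][0] > WINDOW_S:
                q.popleft()  # expire attempts that fell out of the window
            if len({card for _, card in q}) > MAX_CARDS:
                blocked.add(key)
                alerts.append((ev["ts"], "velocity", key))
    return alerts, blocked

def _ev(ts, ip, email, card, amount):
    return {"ts": ts, "ip": ip, "email": email, "card": card, "amount": amount}

# Constructed sample stream (documentation IP ranges, made-up card tokens).
SAMPLE = [
    _ev(0, "198.51.100.20", "alice@example.com", "tok_1", 42.50),
    _ev(10, "203.0.113.7", "t1@example.net", "tok_a", 1.00),
    _ev(70, "203.0.113.7", "t2@example.net", "tok_b", 1.00),
    _ev(130, "203.0.113.7", "t3@example.net", "tok_c", 1.00),
    _ev(190, "203.0.113.7", "t4@example.net", "tok_d", 1.00),
    _ev(250, "203.0.113.7", "t5@example.net", "tok_e", 1.00),
    _ev(300, "198.51.100.20", "alice@example.com", "tok_1", 3.99),
    _ev(320, "203.0.113.7", "t6@example.net", "tok_f", 899.00),
]

if __name__ == "__main__":
    for alert in detect_card_testing(SAMPLE)[0]:
        print(alert)
```

In the sample, the fourth distinct card from one IP within ten minutes raises the alert, and the later large purchase from that IP is refused while the returning customer's small order goes through.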


Here are other top cybersecurity stories that made headlines this past week:

Hackers Leverage Gaps In SWIFT Network To Pull Off Bank Heists

Another testament to the security risks inherent in interconnectivity, security gaps on the fringes of the SWIFT cross-border payment network were found to have been leveraged by cybercriminals in a series of attempted and successful digital bank heists in 2016. The controversy over SWIFT’s security flaws, especially those tied to its messaging terminals, has been growing since 2016. A number of officials have spoken out against SWIFT’s lack of action in addressing these flaws and broader security concerns. SWIFT continues to increase its demands from banks to prevent more cyberattacks, but some still say it isn’t enough.

Hacker Creates Worm That Bricks Unsecured IoT Devices

A hacker called ‘The Janitor’ is looking to clean up the IoT’s act. But he’s going about it in a less-than-legal way. He’s created several versions of BrickerBot, a worm that seeks out and bricks unsecured IoT devices. Specifically, the worm targets devices running BusyBox, a Linux software package, exposing telnet interfaces with default passwords and turning them into DDoS tools. The first attack impacted around a thousand devices, and alternate versions of the worm were able to attack thousands more. The Janitor has reportedly said the attacks are meant to be a form of “internet chemotherapy,” a way to illustrate to device owners and makers the consequence of poor security practices.

Google And Facebook Scammed Out Of $100 Million

It recently came to light that Facebook and Google found themselves out $100 million at the hands of one ambitious cybercrook—a Lithuanian man who scammed the internet giants with a business email compromise (BEC) attack. The DoJ has since charged the man with one count of money wire fraud, three counts of money laundering and one count of aggravated identity theft. BEC fraud has been on the rise across the globe, seeing a 45 percent spike quarter-over-quarter in Q4 2016, and costing the world billions.

Ransomware, Cyberespionage On The Rise

Verizon released its Data Breach Investigations Report which found, among other things, that ransomware attack rates had risen by 50 percent in the past year. Based on data from 65 organizations, 42,068 incidents and 1,935 breaches in 84 countries across the globe, the report found that the top three industries for data breaches were financial services, healthcare and the public sector. Among the more surprising finds was that educational institutions are increasingly being hit by cyberespionage — present in 26 percent of breaches, up from 5 percent last year.


