R-CISC BLOG

Sharing Threat Intelligence at Both Ends of the Chain

An SC Magazine e-book came out recently, dubbed “Retail Retaliation,” which gives a good summation of some of the issues facing retailers these days. It’s an oversimplification to say it’s all about that POS, but we certainly know that attackers are going to keep exploiting vulnerabilities where the transactions occur.

Ranging from physical compromise of the POS system to malware drops, lateral attacks across the network, supply chain tampering, and application-level fraud, there are multiple layers and vectors to monitor. Threat intelligence encompasses much more than machine-readable indicators that go straight into a rule or a filter: it has to include tactics and techniques such as misusing the transaction communication system to send spam, or hijacking customer accounts to commit warranty fraud. While trading indicators on POS malware is important, we need to make sure that the information exchange goes all along the supply chain, the “kill” chain, the transaction chain, and the fraud chain.