Between November 27 and December 15 last year, unknown attackers breached the network of US retail giant Target and stole the debit and credit card data of 40 million account holders, along with personally identifying information (PII) on a further 70 million customers.
More than a month later, it is now known that the attackers used a variant of the BlackPoS malware, named Trojan.POSRAM, which has been linked to young Russian hackers.
Police in southern Texas have since arrested a man and a woman from Mexico who were caught with 96 counterfeit credit cards, believed to be linked to the Target breach and used to spend tens of thousands of dollars at stores such as Toys ‘R’ Us, Walmart and Best Buy.
But what can businesses and retailers learn from the attack? Here are some top tips:
PoS-targeted malware is on the rise, prepare for it – Over the past few years, the information security community has seen a steady increase in malware written specifically for point-of-sale (PoS) systems. So how do you prepare? Start by patching your PoS systems, enforcing separation of duties (the account a cashier rings up sales with should not be the account that administers the terminal), and educating your cashiers.
Segment your trusted network – As an industry we have adopted a three-zone model: the external network (the Internet), a demilitarised zone (semi-public servers) and the trusted internal network. The problem is that the trusted network is usually flat, which makes lateral movement far too easy for an attacker who has a foothold on any one host. PoS terminals belong in their own segment that can reach only the payment processor and the patch and management servers, with everything else blocked and logged.
Be more proactive with malware detection – Unfortunately, antivirus (AV) technology still relies heavily on reactive, signature-based detection: it cannot find and block new malware until a sample has been analysed, which typically does not happen until at least one victim has already been infected. Newer controls that judge code by its behaviour rather than by a known signature have begun to surface, and they are worth evaluating for PoS environments.
Focus your defence on data – Most preventative security controls protect machines and devices rather than the data itself. Spend more effort knowing where cardholder data lives (in memory, on disk, in transit) and monitoring and protecting it directly.
Focus more on detection and response – Preventative controls are a must for any organisation and probably give the best return on investment. But many organisations have focused so singularly on prevention that they have neglected the other essential half of network security: detection and response. Assume that some attacks will succeed, and make sure you can notice and contain them quickly. Cybersecurity is a continuous arms race.
Migrate away from XP – Reportedly 95% of ATMs run on Windows XP. XP reaches end of support on 8 April 2014, after which it will receive no further security updates, so any flaw discovered after that date stays unpatched on every terminal still running it. Now is the time to migrate PoS systems off XP to a supported operating system.