Protecting against the threat of PoS malware


The recent resurgence in point-of-sale (PoS) malware attacks has, once again, demonstrated the vulnerability of these systems.

Over the course of just a few weeks, breaches were reported at Oracle’s MICROS point-of-sale division and the HEI Hotels and Resorts group.

Soon after, the outdoor clothing retailer Eddie Bauer reported a breach in which unauthorised parties accessed payment card information.

Incidents such as these can have a serious impact on customer confidence; consumers need to have faith that the payment systems used are safe and that their card data and personal details are secure.

Unfortunately, point-of-sale systems have inherent vulnerabilities, which can be easily exploited when an organisation is running hundreds of processes on thousands of machines.

Once a machine is infected, malware can quickly spread from machine to machine and criminals can steal a host of sensitive data.


Despite technologies like chip and PIN cards and mobile payment systems, point-of-sale malware continues to be a persistent threat.

So how can organisations better equip themselves to prevent and detect these attacks?  

Point-of-sale: a prime target

Like any business, cyber criminals seek to maximise returns and minimise risk.

And make no mistake, the vast majority of cybercrime is orchestrated by increasingly sophisticated, for-profit enterprises.

For organised attackers, PoS systems represent something of a soft target; an attractive combination of valuable information with outdated or minimal security.

They often run embedded versions of Windows or Linux, making them vulnerable to malware.

They’re connected to the network to communicate with corporate systems and external credit card processors.

This means that if hackers can access a single endpoint, they can quickly spread malware to more devices, which appears to be the case with the Eddie Bauer attack that infected all of the company’s North American retail stores.

Finally, the PoS systems are often installed in exposed or remote locations, making securing them more difficult.


Beyond the technology itself, there are additional risks inherent in the way that these systems are used.

For example, if employees are not properly trained, they may not be aware of the security risks of checking personal email, surfing the web, or playing online games, all of which make these systems more vulnerable to attack.

Closing the security gap

Preventing and detecting these attacks starts with deploying multiple layers of defence.

First and foremost, retailers need to take a proactive approach to tracking down any warning signs of unauthorised or unusual behaviour.

Every user and application interaction in a system leaves a trace, what we call forensic residue.

The challenge becomes finding evidence of a compromise and acting to stop a breach before the final phase of the attack has been completed and cyber criminals actually make off with the sensitive data they came for.

To do this, security teams need visibility into every endpoint – including point-of-sale terminals – to hunt for signs of unauthorised activity.

It is only by tracking and reporting on endpoint activity in real time that security teams can identify threats that get past traditional perimeter defences.
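The kind of hunt described above can be sketched as follows. This is an added example, not code from the article or from any vendor product: the baseline list, terminal names, event format and hash prefixes are all constructed for illustration. It flags processes outside a PoS terminal's expected baseline, removable media being mounted, and the same unknown binary turning up on several terminals.

```python
from collections import defaultdict

# Hypothetical baseline of executables a till is expected to run. A real
# deployment would baseline on file hash or signer, not on name alone.
BASELINE = {"pos_client.exe", "svchost.exe", "av_agent.exe"}

# Constructed endpoint telemetry: (terminal, event type, detail, hash prefix).
EVENTS = [
    ("till-001", "process_start", "pos_client.exe", "a1a1"),
    ("till-001", "process_start", "chrome.exe", "b2b2"),
    ("till-002", "usb_mount", "E:\\", None),
    ("till-002", "process_start", "updater32.exe", "c3c3"),
    ("till-003", "process_start", "updater32.exe", "c3c3"),
    ("till-004", "process_start", "updater32.exe", "c3c3"),
    ("till-004", "process_start", "svchost.exe", "d4d4"),
]

def hunt(events, baseline=BASELINE, spread_threshold=3):
    """Return a list of (severity, terminal(s), reason) findings."""
    findings = []
    seen_on = defaultdict(set)   # hash -> terminals running that binary
    names = {}                   # hash -> process name, for reporting
    for terminal, kind, detail, digest in events:
        if kind == "usb_mount":
            findings.append(("high", terminal, f"removable media mounted at {detail}"))
        elif kind == "process_start" and detail.lower() not in baseline:
            findings.append(("medium", terminal, f"process outside baseline: {detail}"))
            seen_on[digest].add(terminal)
            names[digest] = detail
    # The same unknown binary on several terminals suggests lateral spread.
    for digest, terminals in seen_on.items():
        if len(terminals) >= spread_threshold:
            findings.append(("critical", ",".join(sorted(terminals)),
                             f"{names[digest]} ({digest}) on {len(terminals)} terminals"))
    return findings

if __name__ == "__main__":
    for finding in hunt(EVENTS):
        print(finding)
```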

Retailers should also improve encryption for all sensitive data, especially customers’ payment information, and enhance technology allowing transactional applications that establish trust, accountability, confidentiality and transparency while streamlining business processes.

Blockchain technology, the technology behind Bitcoin, is a good example of this.


Once endpoint detection and response capabilities are in place, organisations also need to account for their offline, physical security.

PoS systems need to be secured and monitored to prevent a physical breach. Too often, bad actors can just walk up to a machine, insert a USB drive and deliver malicious files onto the network.

The last example demonstrates the need for organisations to understand that cybersecurity is more than just an IT problem.

There is no technology or software ‘silver bullet’ that can solve cybersecurity risks alone.

Security strategies must include IT, HR and training, risk management, and buy-in from the most senior levels of the organisation.

As we move towards a day when all commerce will be digital, hackers will continue to look for ways to exploit systems and find valuable information.

These risks can never be fully eliminated, so organisations need to invest in a comprehensive digital risk management and security strategy to mitigate them.   


Sourced by Fortunato Guarino, solution consultant EMEA, cybercrime & data protection advisor, Guidance Software

Nick Ismail