Should small and medium-sized businesses be worried about PoS attacks?

by | Jul 22, 2014 | Opinion

by Peter Kalnai, one of AVAST’s malware analysts, on PoS security for SMBs

One of the most dangerous places in America is your local retailer. Before you leave the building with your purchases, you run the risk of having your identity stolen.

No doubt you recall the 2013 security breaches at Target, Michaels, and Neiman Marcus, where millions of records were compromised by Point-of-Sale (PoS) attacks. The point of sale is where the customer makes a payment to the merchant, and that last exchange is the most vulnerable.

Large retail merchants lead the list, at 50%, of organizations where consumers’ data was compromised in 2013, followed by credit card issuers and consumer banks, according to the #DataInsecurity Report produced by the National Consumers League in cooperation with Javelin Strategy & Research. The #DataInsecurity Report also revealed that 61% of data breach victims reported the breached information was used to commit fraud against them.

This should not come as a surprise. According to the Nilson Report, approximately $4 trillion was paid with credit, debit, and prepaid cards in the U.S. last year. Add to that the ready availability of PoS attack code on underground forums and you have a perfect storm: a large victim pool for cybercriminals, an easy target because the U.S. has not yet adopted EMV cards (a standard that secures payments in other countries), and the opportunity for data breaches.

Cybercriminals don’t care about the size of your business

Although most of the PoS attacks highlighted in the media were against large retailers, cybercrooks don’t care how large or small your business is. You would think they would, but cybercriminals are more interested in raking in the money rather than caring about the fame they could possibly receive from attacking a large and popular business. Regardless of its size, if your business has a PoS system to charge customers for products or services, you should be protecting your system to save yourself from a possible attack. PoS attacks not only steal valuable customer information, they can damage your business’ reputation.

The #DataInsecurity Report shows that only 10% of retail fraud victims are confident that retailers can protect their information in the future.

How PoS attacks work

The biggest PoS Trojans, like Dexter, BlackPOS, Minerva, and vSkimmer, have targeted systems and networks running Windows. PoS Trojans use various methods to infiltrate systems:

  • They can trick victims into downloading the Trojan themselves by using phishing emails that appear to be from a trusted source.
  • They silently download in the background when a victim clicks a link.
  • They take advantage of outdated operating systems, like Windows XP.

Once the Trojan has gained access, it can remain dormant for long periods of time. During dormancy, Trojans can secretly scan, observe and gather information, such as passwords, to send back to their command servers. Once cybercriminals have all the information they need, they can call on the Trojan to act via Command and Control (C&C) servers. PoS Trojans collect payment tracks from credit card magnetic stripes, mostly from the PoS system’s memory, and send them back to their servers.
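Because the Trojan has to send what it collects back to its command servers, outbound traffic from PoS terminals is a practical place to look for it. The following is an added example, not code from the original article: it flags PoS hosts that talk to destinations outside an allowlist. The subnet, allowlisted addresses, and log format are assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumptions (hypothetical, not from the article): PoS terminals live in
# 10.20.0.0/24 and may only reach the payment processor and an update server.
POS_NET = ipaddress.ip_network("10.20.0.0/24")
ALLOWED_DESTS = {
    ipaddress.ip_address("198.51.100.10"),  # constructed: payment processor
    ipaddress.ip_address("198.51.100.20"),  # constructed: patch/update server
}

# Constructed sample firewall log: "timestamp src dst dst_port bytes_out"
SAMPLE_LOG = """\
2014-07-22T09:00:01 10.20.0.5 198.51.100.10 443 2100
2014-07-22T09:00:07 10.20.0.6 198.51.100.10 443 1980
2014-07-22T09:05:00 10.20.0.6 203.0.113.77 80 51200
2014-07-22T09:10:00 10.20.0.6 203.0.113.77 80 49800
2014-07-22T09:12:30 10.30.0.9 203.0.113.77 80 300
garbage line that should be skipped
2014-07-22T09:15:00 10.20.0.5 198.51.100.20 443 900
"""

def find_unexpected_egress(log_text):
    """Return {(src, dst, port): {"count": n, "bytes": total}} for PoS hosts
    that sent traffic to destinations outside the allowlist."""
    findings = defaultdict(lambda: {"count": 0, "bytes": 0})
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # malformed line: skip rather than crash the monitor
        _, src, dst, port, nbytes = parts
        try:
            src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
            port, nbytes = int(port), int(nbytes)
        except ValueError:
            continue  # unparseable address or number
        # Only PoS terminals are in scope; other hosts are ignored here.
        if src_ip in POS_NET and dst_ip not in ALLOWED_DESTS:
            key = (src, dst, port)
            findings[key]["count"] += 1
            findings[key]["bytes"] += nbytes
    return dict(findings)

if __name__ == "__main__":
    for (src, dst, port), stats in find_unexpected_egress(SAMPLE_LOG).items():
        print(f"ALERT {src} -> {dst}:{port} x{stats['count']} ({stats['bytes']} bytes)")
```

Repeated connections from a single terminal to the same unlisted address, as in the sample, are the pattern worth investigating first.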

How to protect your business from a PoS attack

To protect your business from cybercriminals infiltrating your PoS system, it’s crucial that you protect the corporate network connected to your PoS system. To do this, you should guard your network with strong passwords. Additionally, you should educate and warn your employees about the various methods used for targeted attacks, like spear-phishing emails. You should also use a proper security solution that blocks applied exploits, hacking tools, and malicious modules. The installed security solution should be password protected to stop hackers from disabling or turning off its functionality.

Cloud-based PoS systems differ by design from traditional PoS systems. They offer some additional features, like portability and lower costs, making them attractive for small and medium business owners. However, cloud-based PoS systems are just as vulnerable to attack as their traditional counterparts. A very recent threat called POSCloud has already been reported, specifically attacking small businesses. This recent attack shows that malware authors have successfully adapted to newer PoS systems and are not excluding small businesses when it comes to their attacks. Cloud-based PoS systems should therefore not be underestimated; they should be protected just as hard-wired systems are.

How to react if your PoS system has been attacked

Businesses should admit they have been attacked as soon as possible if their customers’ data has been compromised, so their customers can take action to protect themselves. Companies, of course, need to assess the situation to determine which data has been compromised before they can inform the public. This assessment allows companies to provide their customers with the proper steps to take protective measures.
