What Merchants Need To Know About POS Malware Prevention

December 7, 2016 · steveverbanic
Point-of-sale (POS) malware attacks are experiencing a resurgence — a troubling trend for retailers on the brink of peak holiday shopping season. This may explain why most retailers are immediately concerned about cybersecurity. A recent Security Magazine report noted that all respondents in the 2016 BDO Retail RiskFactor Report were concerned about security breaches and data privacy.

The concerns are well-founded, with retailers facing, on average, at least eight cyber attacks per year, 74 percent of which are considered advanced threats.

In terms of severity, a POS attack can be more damaging to retailers than a banking trojan because it’s made public almost immediately after it’s discovered — usually by someone outside the victimized organization.

As mega-companies like Target and Home Depot learned the hard way, the collateral damage from a POS infection can be massive and spread to customers, credit card issuers, partners, and service providers.

What Is POS Malware? Why Are Merchants Vulnerable?

POS malware is the generic term for a Trojan that scrapes the RAM of point-of-sale terminals (hence the name “RAM scraper”) in search of credit card data to steal and sell on the black market or use for identity fraud. As an attack tactic, POS malware is gaining traction because cyber criminals see it as an opportunity to amass large volumes of live payment cards without getting caught on camera.

But wouldn’t the obligation of merchants to encrypt data render it pointless to even attempt a POS malware attack? With data encryption being a requirement for compliance, one would think the answer is “yes.”

The vulnerability lies in a design oversight by POS terminal application vendors, who haven’t made a practice of encrypting data in memory — giving cyber criminals a split-second opportunity to intercept unencrypted data while transactions await authorization.

To avoid detection, the developer of the RAM scraper may configure it to either send the data out at a predetermined time or exfiltrate it on demand. By lurking unnoticed in POS terminals or servers storing transaction data, these Trojans can build up massive stores of payment cards to pass on to attackers for as long as they remain undetected.
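The preceding paragraphs explain the root cause: card data sits in cleartext in terminal memory while a transaction awaits authorization, and a RAM scraper only needs that window. The defender's counterpart is to keep the cleartext lifetime as short as possible and to verify, in testing, that nothing recoverable remains once the data has been tokenized. The example below is an added illustration written for this article, not code from SLAIT Consulting, Fortinet, or any POS vendor. It assumes a hypothetical HMAC-based tokenizer with a constructed key (standing in for a real payment gateway or HSM) and uses the well-known Visa test number 4111111111111111 as constructed input. The check function is the same Luhn-validated digit-run test a DLP tool or PCI assessor uses to confirm that a buffer holds no cleartext PAN.

```python
import hashlib
import hmac
import re

# Assumption: a per-merchant tokenization secret. This is a constructed
# placeholder for the example; a real terminal hands the PAN to a payment
# gateway or HSM rather than holding a key itself.
TOKEN_KEY = b"constructed-placeholder-key-not-for-production"

# A candidate PAN is a run of 13-19 digits not adjacent to other digits.
_PAN_RE = re.compile(rb"(?<!\d)\d{13,19}(?!\d)")


def luhn_valid(digits: str) -> bool:
    """Standard Luhn mod-10 check; filters random digit runs from real PANs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_cleartext_pans(buf) -> list:
    """Return Luhn-valid digit runs found in a memory buffer.

    Used here as a post-condition check: after tokenization and wiping,
    this must return an empty list.
    """
    return [
        m.group().decode()
        for m in _PAN_RE.finditer(bytes(buf))
        if luhn_valid(m.group().decode())
    ]


def tokenize_and_wipe(buf: bytearray) -> str:
    """Replace the PAN held in buf with a token and overwrite buf in place.

    bytearray is mutable, so the zeroing loop clears the same memory the
    PAN occupied. Python itself cannot promise that no transient copies
    exist (e.g. the bytes() passed to HMAC); a native POS application
    applies the same idea with an explicit secure memset.
    """
    token = hmac.new(TOKEN_KEY, bytes(buf), hashlib.sha256).hexdigest()
    for i in range(len(buf)):
        buf[i] = 0
    return token


if __name__ == "__main__":
    # Constructed track-like data: PAN followed by expiry/service code.
    buf = bytearray(b"Track data: 4111111111111111=2512101")
    print("before:", find_cleartext_pans(buf))   # ['4111111111111111']
    token = tokenize_and_wipe(buf)
    print("token:", token[:16], "...")
    print("after:", find_cleartext_pans(buf))    # []
```

The point of the pairing is the test, not the tokenizer: a QA step that scans the terminal process's working buffers after each authorization and fails the build if `find_cleartext_pans` ever returns a match is a direct, measurable control against the design oversight the article describes.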

How Does POS Malware Get In?

How do hackers get malware onto POS terminals in the first place? With most POS terminals being computers with Windows or UNIX operating systems, it’s not too hard given the resources and sophistication of hackers today. Potential entry points include emails accessed through the terminals and remote access controls for pushing out updates or other tools.

Steps To Prevent Damages From POS Malware

What can merchants do to stop Trojans from infecting POS systems or exfiltrating data when they do? For starters, it helps to:

1. Educate employees about the dangers of clicking on links or attachments in emails from unfamiliar sources

2. Deploy internal segmentation firewalls to isolate POS terminals in protected zones

3. Limit the people authorized to access protected zones

4. Require two-factor authentication to get into protected zones

5. Deploy layers of security, including endpoint protection and an advanced threat protection framework that monitors and detects internal threats and prevents them from attacking data
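Steps 2 through 5 above only pay off if the protected zone is actually watched: a segmented POS VLAN whose terminals should talk to nothing but the payment gateway and an update server makes any other outbound connection, or a large off-hours upload of the kind the article's "predetermined time" exfiltration would produce, stand out. The following detection logic is an added example for this article, not a product of SLAIT Consulting or Fortinet. Every address, port, and log line in it is constructed (documentation ranges 203.0.113.0/24, 198.51.100.0/24 and 192.0.2.0/24 stand in for external hosts), and the allowlist and business-hours window are assumptions a merchant would replace with its own.

```python
import ipaddress
from datetime import datetime

# Constructed policy for the protected POS zone (assumptions for this example).
POS_ZONE = ipaddress.ip_network("10.20.0.0/24")
ALLOWED_EGRESS = {
    ("203.0.113.10", 443),  # payment gateway (documentation address)
    ("10.20.1.5", 8443),    # patch/update server inside the protected zone
}
BUSINESS_HOURS = range(6, 23)   # 06:00-22:59 local time
LARGE_UPLOAD_BYTES = 500_000    # a terminal has no reason to push this much

# Constructed flow-log lines: timestamp src dst dport bytes_sent
SAMPLE_FLOWS = """\
2016-12-07T10:15:02 10.20.0.11 203.0.113.10 443 1820
2016-12-07T10:16:40 10.20.0.11 10.20.1.5 8443 52000
2016-12-07T03:05:11 10.20.0.14 198.51.100.77 443 914000
2016-12-07T11:02:33 10.20.0.12 192.0.2.8 21 43000
2016-12-07T11:03:01 10.30.0.5 192.0.2.8 21 43000
"""


def parse_flow(line: str) -> dict:
    """Parse one space-separated flow record into typed fields."""
    ts, src, dst, dport, nbytes = line.split()
    return {
        "ts": datetime.fromisoformat(ts),
        "src": ipaddress.ip_address(src),
        "dst": dst,
        "dport": int(dport),
        "bytes": int(nbytes),
    }


def classify(flow: dict) -> list:
    """Return reasons a POS-zone flow looks like exfiltration (empty if benign)."""
    reasons = []
    if flow["src"] not in POS_ZONE:
        return reasons  # not a terminal in the protected zone; out of scope
    if (flow["dst"], flow["dport"]) not in ALLOWED_EGRESS:
        reasons.append("destination not on POS egress allowlist")
    if flow["ts"].hour not in BUSINESS_HOURS:
        reasons.append("transfer outside business hours")
    if flow["bytes"] > LARGE_UPLOAD_BYTES:
        reasons.append("unusually large upload for a terminal")
    return reasons


def find_suspicious(log_text: str) -> list:
    """Run every flow through classify() and collect the ones that trip a rule."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        flow = parse_flow(line)
        reasons = classify(flow)
        if reasons:
            alerts.append((str(flow["src"]), flow["dst"], flow["dport"], reasons))
    return alerts


if __name__ == "__main__":
    for src, dst, port, reasons in find_suspicious(SAMPLE_FLOWS):
        print(f"{src} -> {dst}:{port}: {', '.join(reasons)}")
```

Run against the constructed log, the two legitimate flows (gateway and update server during the day) pass, the 3 a.m. 914 KB push from 10.20.0.14 to an unknown host trips all three rules, and the FTP connection from 10.20.0.12 trips the allowlist rule alone. The last line is ignored because its source is outside the POS zone; a back-office host has its own policy. The allowlist is the rule that does the real work, which is why step 2's segmentation firewall matters: without a hard boundary there is no small, knowable set of destinations to allow.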

Finally, consider a quick check-up on the ability of your cybersecurity to ward off POS malware — like the free online threat assessment program offered by our partner, Fortinet. Then contact SLAIT Consulting for recommendations on how to build up your immunity.