The holidays signal the peak shopping season for both brick and mortar shops and online retailers. This year’s sales are predicted to bring in $682 billion for US retailers alone. Specific sales days such as Black Friday and Cyber Monday generally signal the kick off of the US's peak shopping season, and are gaining popularity in Europe, but in certain countries such as France and Italy it is the January sales that are part of the culture and account for a big portion of retail activity.
While traditional retailers have been under pressure from online retail growth, declining inflation and improved employment numbers in the EU member states combine to predict net growth in stationary retail this year. Even in post Brexit UK, Oxford Street in London is still the busiest shopping street in Europe, boasting 500,000 pedestrians per day. Clearly people are still shopping in person, and wherever you live, it’s nearing the time of year to shop.
But as the holiday shopping season approaches, we also need to brace for more retail focused cyberattacks from Point Of Sale (POS) malware attacks to retail and bank account takeovers. POS breaches will be one of the top most likely threats, and will be the number one most threatening in terms of potential severity, according to Booz Allen’s Cyber4Sight 2017 Peak Retail Season Special Report.
Booz Allen also identified compromised payment card data for sale on Joker’s Stash, one of the most popular and frequently restocked underground marketplaces. According to the report, "In many cases, the time span between POS compromise and data exfiltration may be weeks or months in length, suggesting that retailers anticipating potential attacks during peak retail season should expect initial stages of POS malware infections to occur in advance of the busy retail period."
At this moment it is highly likely that more than a few POS systems have been hacked and are home to malware that is residing undetected, waiting to strike or quietly collecting information and exfiltrating the data of holiday shoppers.
POS Systems Under Attack
Since the start of this year, POS systems have been under siege from LockPos/FlokiBot, MajikPOS, AlinaPOS, and JackPOS, to name a few. There’s no mystery to the reason - POS systems are a key part of a retailer's transaction process. They provide an access point through which cybercriminals can access and steal customers' payment information, making them attractive targets for malicious hackers.
Over the past couple of years the POS systems that support the operations of hotels and retail operations have been demonstrated to be a weak spot in cybersecurity. In the past year alone high-profile attacks on retailers Brooks Brothers and KMart (for the second time in 3 years), food services including Avanti Kiosks, Whole Foods, Chipotle, Wendy’s, Arby’s, Shoney’s, Sonic, and hotels including Intercontinental Hotel Group and Trump Hotels have all exposed customer financial information.
The 2015 hack of the Hilton hotels (Hilton Domestic Operating Company) recently resulted in a settlement of $700,000 to the states of NY and Vermont for not practicing reasonable data security and failing to provide customers with timely notification of the breach. In light of recent breaches, it’s safe to assume this trend is likely to increase if it can be proven that insufficient security measures were in place to prevent the breach.
Retailers would be advised to start taking proactive steps from to hunt down malware that’s residing undetected. If you have not already embraced threat hunting, now is the time. Hackers are actively targeting and breaching retail operations as we speak, ready to strike as the holiday shopping gets underway.
Today’s detection methods and technologies are predominantly focused on the real-time prevention and detection of attacks through 24/7 monitoring. That’s effective defense, however some malicious attacks penetrate these defenses and get through and dwell unknown. What is missing are processes and technology that address detection of adversaries and threats that are residing undetected on endpoints.
An excellent start is to use a scalable solution like Infocyte HUNT that can be used by your own security or IT teams to sweep endpoints, including POS systems, looking for malware and APTs that are hiding on endpoints right now. Once found, these threats can be quickly neutralized.
Don’t wait to be breached, or even worse to be told that you’ve been breached by angry customers. Find out if your endpoints are compromised with Infocyte HUNT.