We Need to Brace for more Point Of Sale (POS) Malware Attacks
The holidays signal the peak shopping season for both brick-and-mortar shops and online retailers. This year’s sales are predicted to bring in $682 billion for US retailers alone. Specific sales days such as Black Friday and Cyber Monday generally signal the kickoff of the US’s peak shopping season and are gaining popularity in Europe, but in certain countries such as France and Italy, it is the January sales that are part of the culture and account for a big portion of the retail activity.
While traditional retailers have been under pressure from online retail growth, declining inflation and improved employment numbers in the EU member states combine to predict net growth in stationary retail this year. Even in the post-Brexit UK, Oxford Street in London is still the busiest shopping street in Europe, boasting 500,000 pedestrians per day. Clearly, people are still shopping in person, and wherever you live, it’s nearing the time of year to shop.
But as the holiday shopping season approaches, we also need to brace for more retail-focused cyberattacks, ranging from Point Of Sale (POS) malware attacks to retail and bank account takeovers. POS breaches will be among the most likely threats and will rank number one in terms of potential severity, according to Booz Allen’s Cyber4Sight 2017 Peak Retail Season Special Report.
Booz Allen also identified compromised payment card data for sale on Joker’s Stash, one of the most popular and frequently restocked underground marketplaces. According to the report, “In many cases, the time span between POS compromise and data exfiltration may be weeks or months in length, suggesting that retailers anticipating potential attacks during peak retail season should expect initial stages of POS malware infections to occur in advance of the busy retail period.”
At this moment it is highly likely that more than a few POS systems have been hacked and are home to malware that is residing undetected, waiting to strike or quietly collecting information and exfiltrating the data of holiday shoppers.
POS Systems Under Attack
Since the start of this year, POS systems have been under siege from LockPos/FlokiBot, MajikPOS, AlinaPOS, and JackPOS, to name a few. There’s no mystery to the reason – POS systems are a key part of a retailer’s transaction process. They provide an access point through which cybercriminals can access and steal customers’ payment information, making them attractive targets for malicious hackers.
Over the past couple of years, the POS systems that support hotel and retail operations have been demonstrated to be a weak spot in cybersecurity. In the past year alone, high-profile attacks on retailers Brooks Brothers and KMart (for the second time in 3 years), food services including Avanti Kiosks, Whole Foods, Chipotle, Wendy’s, Arby’s, Shoney’s, and Sonic, and hotels including Intercontinental Hotel Group and Trump Hotels have all exposed customer financial information.
The 2015 hack of the Hilton hotels (Hilton Domestic Operating Company) recently resulted in a settlement of $700,000 to the states of NY and Vermont for not practicing reasonable data security and failing to provide customers with timely notification of the breach. In light of recent breaches, it’s safe to assume this trend is likely to increase if it can be proven that insufficient security measures were in place to prevent the breach.
Retailers would be advised to start taking proactive steps to hunt down malware that’s residing undetected. If you have not already embraced threat hunting, now is the time. Hackers are actively targeting and breaching retail operations as we speak, ready to strike as the holiday shopping gets underway.
Today’s detection methods and technologies are predominantly focused on the real-time prevention and detection of attacks through 24/7 monitoring. That’s an effective defense; however, some malicious attacks penetrate these defenses and dwell unnoticed. What is missing are processes and technology that address the detection of adversaries and threats that are residing undetected on endpoints.
An excellent start is to use a scalable solution like Infocyte HUNT that can be used by your own security or IT teams to sweep endpoints, including POS systems, looking for malware and APTs that are hiding on endpoints right now. Once found, these threats can be quickly neutralized.
Don’t wait to be breached, or even worse to be told that you’ve been breached by angry customers. Find out if your endpoints are compromised with Infocyte HUNT.