Applebee’s was the Victim of a Point of Sale (PoS) Malware Attack
Last week, Applebee’s announced it was the victim of a Point of Sale (PoS) malware attack, warning customers in 15 states that their PII and credit card information was at risk. The attack is reported to have impacted 167 POS systems in the states of Alabama, Arizona, Florida, Illinois, Indiana, Kansas, Kentucky, Missouri, Mississippi, Nebraska, Ohio, Oklahoma, Pennsylvania, Texas, and Wyoming.
MH Franchise Holdings, the parent company, revealed that guest names, credit or debit card numbers, expiration dates, and card verification codes had possibly been compromised because of the attack. While the breach was detected on Feb. 13, 2018, it appears that the malware was present on most of the PoS systems between December 6, 2017, and January 2, 2018, and as early as November 23 or December 5, 2017, in a small number of their restaurants.
Why PoS Remains an Attractive Target
For the past several years, Point of Sale (POS) systems have been a prime target for cyber attacks. Last year, POS systems were besieged by hackers using malware such as LockPos/FlokiBot, MajikPOS, and JackPOS, to name a few. The reason is no mystery – POS systems are a key part of a retailer’s transaction process. They provide an access point through which cybercriminals can access and steal customers’ payment information, making them attractive targets for malicious hackers.
POS systems that support retail operations have been shown to be a weak spot in cybersecurity. A series of high-profile hacks in 2017 exposed customers’ personally identifiable information (PII) and payment card details. Recent POS malware created to hurt retailers includes UDPoS and Poseidon, which researchers have identified as an evolved variant that was professionally designed to be quick and evasive, with new capabilities such as communication with command-and-control servers, self-updating to execute new code, and self-protection to guard against reverse engineering.
Protecting PoS Systems from Malware Attacks
As demonstrated by the Applebee’s breach, dwell time – the period between infection and discovery – is the key to a successful attack. Attackers use this period before they are discovered to steal customer data, from PII to payment data, which they can then exploit or sell on the dark web to the highest bidder.
Retailers, restaurants, hotels and other companies that rely on POS systems to process payments need the ability to control and limit dwell time if they are to protect their customers’ data effectively and mitigate risk. Case in point: a recent research report determined that simply limiting dwell time to 30 days reduces business impact by 23%. When retailers are able to confine the dwell time of malware to a single day, they can attain a 96% reduction in the impact on their business.*
Assessing the Health of PoS Systems
Retailers must take proactive steps to hunt down malware that’s residing undetected on PoS systems. Failure to do so will carry significant risks to customer data, company reputation and profits.
About Infocyte HUNT
Infocyte HUNT finds PoS malware that other tools can’t and dramatically reduces the dwell time of infections in your environment. It enables your security/IT teams to quickly and easily implement advanced and repeated sweeps of your PoS systems and every network node to illuminate and neutralize hidden threats.
Learn more about protecting PoS systems from malware with Infocyte HUNT.