Protecting PoS systems in the wake of the latest breach at Applebee’s
Applebee’s was the Victim of a Point of Sale (PoS) Malware Attack
Last week, Applebee’s announced it was the victim of a Point of Sale (PoS) malware attack, warning customers in 15 states that their PII and credit card information was at risk. The attack is reported to have impacted 167 POS systems in the states of Alabama, Arizona, Florida, Illinois, Indiana, Kansas, Kentucky, Missouri, Mississippi, Nebraska, Ohio, Oklahoma, Pennsylvania, Texas, and Wyoming.
MH Franchise Holdings, the parent company, revealed that guest names, credit or debit card numbers, expiration dates, and card verification codes had possibly been compromised because of the attack. While the breach was detected on Feb. 13, 2018, it appears that the malware was present on most of the PoS systems between December 6, 2017, and January 2, 2018, and as early as November 23 or December 5, 2017, in a small number of their restaurants.
Why PoS Remains an Attractive Target
For the past several years, Point of Sale (POS) systems have been a prime target for cyber attacks. Last year, POS systems were besieged by hackers using malware such as LockPos/FlokiBot, MajikPOS, and JackPOS, to name a few. The reason is no mystery – POS systems are a key part of a retailer’s transaction process. They give cybercriminals a point of entry through which to reach and steal customers’ payment information, which makes them attractive targets.
POS systems that support retail operations have been shown to be a weak spot in cybersecurity. A series of high-profile hacks in 2017 exposed customers’ personally identifiable information (PII) and payment card details. Recent POS malware created to hurt retailers includes UDPoS and Poseidon. Researchers have identified Poseidon as an evolved variant that was professionally designed to be quick and evasive, with new capabilities such as communication with command-and-control servers, self-updating to execute new code, and self-protection to guard against reverse engineering.
Protecting PoS Systems from Malware Attacks
As demonstrated by the Applebee’s breach, dwell time – the period between infection and discovery – is the key to a successful attack. Hackers use this period before they are discovered to steal customer data, from PII to payment data, which they can then exploit or sell on the dark web to the highest bidder.
Retailers, restaurants, hotels and other companies that rely on POS systems to process payments need the ability to control and limit dwell time if they are to properly and effectively protect their customers’ data and mitigate risk. Case in point: a recent research report determined that simply limiting dwell time to 30 days results in a 23% reduction in business impact. When retailers are able to confine the dwell time of malware to a single day, they can attain a 96% reduction in the impact on their business.*
Assessing the Health of PoS Systems
Retailers must take proactive steps to hunt down malware that’s residing undetected on PoS systems. Failure to do so will carry significant risks to customer data, company reputation and profits.
About Infocyte HUNT
Infocyte HUNT finds PoS malware that other tools can’t and dramatically reduces the dwell time of infections in your environment. It enables your security/IT teams to quickly and easily implement advanced and repeated sweeps of your PoS systems and every network node to illuminate and neutralize hidden threats.
Learn more about protecting PoS systems from malware with Infocyte HUNT.