Protecting PoS systems in the wake of the latest breach at Applebee’s

POS-with-sticker.png

Last week, Applebee’s announced it was the victim a Point of Sale (PoS) malware attack, warning customers in 15 states that their PII and credit card information was at risk. The attack is reported to have impacted 167 POS systems in the states of Alabama, Arizona, Florida, Illinois, Indiana, Kansas, Kentucky, Missouri, Mississippi, Nebraska, Ohio, Oklahoma, Pennsylvania, Texas, and Wyoming.

MH Franchise Holdings, the parent company, revealed that guest names, credit or debit card numbers, expiration dates, and card verification codes, had possibly been compromised because of the attack. While the breach was detected on Feb. 13, 2018, it appears that the malware was present on most of the PoS systems from December 6, 2017 and January 2, 2018, and as early as November 23 or December 5, 2017 in a small number of their restaurants.

Why PoS Remains an Attractive Target

For the past several years, Point of Sale (POS) systems have been a prime target for cyberattacks. Last year, POS systems were besieged by hackers using malware such as LockPos/FlokiBot, MajikPOS, and JackPOS, to name a few. The reason is no mystery - POS systems are a key part of a retailer's transaction process. They provide an access point through which cybercriminals can access and steal customers' payment information, making them attractive targets for malicious hackers. 

POS systems that support retail operations have been shown to be a weak spot in cybersecurity. A series of high profile hacks in 2017 exposed customers' personally identifiable information (PII) and payment card details. Recent POS malware created to hurt retailers include UDPoS and Poseidon, which has been identified by researchers as an evolved variant that was professionally designed to be quick and evasive with new capabilities such as communication with command-and-control servers, self-updating to execute new code and self-protection to guard against reverse engineering.  

Protecting PoS Systems from Malware Attacks

As demonstrated by the Applebee’s breach, dwell time - the period between infection and discovery - is the key to a successful attack. It is this period of time before they are discovered that hackers use to steal customer data, from PII to payment data, that they can then exploit or sell on the dark web to the highest bidder. 

Retailers, restaurants, hotels and other companies who rely on POS systems to process payments require the ability to control and limit dwell time if they are to begin properly and effectively protecting their customers' data and mitigate risk. Case in point, a recent research report determined that by simply limiting dwell time to 30 days results in a reduction in business impact by 23%. When retailers are able to successfully confine the dwell time of malware to one single day, they can effectively attain a 96% reduction in the impact to their business.*

Assessing the Health of PoS Systems

Retailers must take proactive steps to hunt down malware that’s residing undetected on PoS systems. Failure to do so will carry significant risks to customer data, company reputation and profits. 


About Infocyte HUNT

Infocyte HUNT finds PoS malware that other tools can’t and dramatically reduces the dwell time of infections in your environment. It enables your security/IT teams to quickly and easily implement advanced and repeated sweeps of your PoS systems and every network node to illuminate and neutralize hidden threats. 

Learn more about protecting PoS systems from malware with Infocyte HUNT. 
 

Chris Gerritz

Infocyte, Inc., 110 East Houston Street; Floor 7, San Antonio, TX, 78205