Security Brief: Protecting Retail Customers From POS Attacks
For the past several years, Point of Sale (POS) systems have been a prime target for cyber attacks.
Last year, POS systems were besieged by hackers using malware such as LockPos/FlokiBot, MajikPOS, and JackPOS, to name a few. The reason is no mystery – POS systems are a key part of a retailer’s transaction process. They provide an access point through which cybercriminals can access and steal customers’ payment information, making them attractive targets for malicious hackers.
POS systems that support retail operations have been shown to be a weak spot in cybersecurity. A series of high profile hacks in 2017 exposed customers’ personally identifiable information (PII) and payment card details. Recent POS malware created to hurt retailers include UDPoS and PoSeidon, that have been identified by researchers as an evolved variant that was professionally designed to be quick and evasive with new capabilities such as communication with command-and-control servers, self-updating to execute new code and self-protection to guard against reverse engineering.