POS Under Attack: The Why, How & What to Do

November 1, 2014 | By Kevin Judge

Over the past year, there have been an alarming number of high-profile data breaches of customer cardholder and personal information through compromises of retail Point-of-Sale (POS) systems. In December 2013, retail giant Target revealed that a breach of its Point-of-Sale systems in the early weeks of the holiday shopping season had compromised the personal data of as many as 110 million customers, including the information needed to duplicate credit/debit cards.

Despite heightened awareness of the vulnerability of POS and the impact of POS breaches, 2014 has been a banner year for hacker attacks on POS. As each month has rolled by, the “body count” has piled up: Michaels, Neiman Marcus, PF Chang and Sally Beauty all reporting compromises to their POS and the loss of cardholder and customer personal information.

Then in August, a deluge. After Homeland Security warned of the Backoff malware that targets POS, there has been a flood of high-profile POS compromise revelations. The US Secret Service has reported that at least 1,000 retailers have been compromised by Backoff and that the 7 largest makers of Point-of-Sale systems report having their customer systems infected. The UPS Store and 2 of the largest owners of supermarket chains, Supervalu and AB Acquisition, are just a few of the large retailers believed compromised by Backoff.

In September the wave continued with a monster breach at Home Depot. The highly respected blog krebsonsecurity.com reported, citing banks, that a large number of counterfeit credit cards connected to a breach of Home Depot POS were already available on the black market.

And it hasn’t stopped. Dairy Queen and Staples have been revealed to be victims in recent weeks.

Are you going to be next?

Impact to You and Your Business: Target as a Lesson

The Target data breach provides an example of how severe the impact of a compromised POS system can be. In August, Target revealed that it had spent $148 million in the second quarter, on top of $200 million in the first quarter, on dealing with the immediate problem, such as cleaning the malware from the network, reissuing cards and offering customers free identity theft services.

While this is offset by a $38 million insurance policy against such events, this does not include Target’s exposure to financial losses incurred by the cardholders and the issuing authorities. Target is currently defending itself against numerous lawsuits claiming billions of dollars in damages from the POS breach. In the aftermath of the breach, Target experienced a decline in its stock price and in year-over-year sales. While it is difficult to correlate, a loss of consumer confidence due to the breach is clearly a concern.

Shortly after the breach was revealed, Target’s Chief Information Officer resigned. In May, its Chief Executive Officer stepped down, at least partly due to the fallout from the breach. You can only imagine the impact that this incident and the leadership turmoil have had on the rest of Target’s Information Technology and Business organization.

Do you want to be dealing with such a situation in your organization?

Why POS is Vulnerable

Most POS systems consist of a desktop computer running the Windows operating system with several POS devices directly connected. Windows is a well-understood and high-profile target for hackers. In too many cases, the POS computer is treated like all other desktops on the operator’s network, with the standard endpoint protection of antivirus and personal firewall.

The traditional approach to protecting endpoints focuses on detecting threats. This leaves most endpoint security vulnerable to zero-day malware, where the threat has not yet been discovered by the vendor and its signature files have not yet been updated. Malware creators are very good at modifying the files of known malware so that, for a time, they will go undetected as a threat.

BlackPOS, the malware used in the Target data breach, was “in the wild” for at least 3 months before it was discovered and most antivirus systems could be updated to deal with it. According to Verizon’s 2014 Data Breach Report, 85% of POS intrusions compromised the target for more than 2 weeks before being detected. By the time the malware is discovered, it may be too late.


Comodo SecureBox: A New Paradigm

Comodo’s solution to the POS crisis is to begin with a radical assumption: all endpoints can be compromised, therefore your application must be able to run safely in a compromised environment. We built SecureBox to be a fortress in which your application can operate normally even when the landscape is overrun with malicious programs.

Unlike existing security solutions that seek to protect POS software by protecting the host system, Comodo SecureBox assumes the host will always be vulnerable and zealously protects the application itself. SecureBox inverts the traditional security approach by running critical applications inside a dedicated, security-hardened container which cannot be modified by any other running process. The core containerization technology is augmented with key-logger protection, AV scanning, memory scraping protection, remote takeover protection and anti-SSL sniffing to transform existing POS computers into a truly secure Point-of-Sale platform.
