How to Defend Against Point of Sale Malware Attacks
Security | Aug 16, 2016
Point-of-sale (PoS) devices are machines used by businesses to conduct retail transactions (e.g., a credit card swiper). Despite new technologies like chip-enabled credit cards and mobile payment systems, PoS malware continues to be a major threat, driving most of the major credit card breaches in the last few years.
Two new attacks made headlines this week, with breaches reported at Oracle’s MICROS point-of-sale division and at twenty hotels belonging to the HEI Hotels and Resorts group. PoS systems are a lucrative target for hackers, as they offer the ability to directly capture financial information like credit card numbers, expiration dates, customer names, etc.
What makes PoS attacks so prevalent?
PoS systems represent something of a soft target for hackers. Due to the nature of their use, they have inherent vulnerabilities, including:
- PoS systems must be connected to the network in order to communicate with corporate systems and/or external credit card processors.
- Most PoS terminals use embedded versions of Windows or Linux, making them vulnerable to malware.
- PoS systems are often deployed in exposed and/or remote locations, making securing them more difficult.
Basic security precautions, such as prohibiting the installation of new applications or using standard signature-based tools to block known malware, are relatively easy for hackers to overcome. Users surfing the internet, checking email, or playing games can lead to malware infection, and unknown threats pass traditional solutions with ease. When an organization is running hundreds of processes on thousands of machines in the enterprise, these risks are quickly exacerbated. Once a machine is infected, malware can then quickly spread from machine to machine.
So how can organizations defend against PoS attacks?
These latest incidents reinforce the importance of strong endpoint detection and response (EDR) tools that an organization can use to detect a PoS attack and prevent hackers from actually extracting any data. With EnCase® Endpoint Security, organizations can overcome these issues and mitigate the financial risks of a PoS attack.
Built on the foundational, lightweight EnCase agent on the endpoint, EnCase Endpoint Security is the proven solution for advanced threat detection, threat hunting, incident response, and secure removal of malware, all with no disruption to business operations.
With EnCase Endpoint Security, analysts and incident responders get 360-degree visibility into every endpoint, can compare endpoints to known healthy states, and can easily detect malicious or anomalous activities, processes, and connections. They can also use EnCase Endpoint Security to automatically respond to security alerts from other tools, to prevent data theft in case of a security incident.
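The comparison against a known healthy state described above can be sketched as follows. This is an added example, not EnCase code or its API: the snapshot format, process names, hashes, and network ranges are all constructed assumptions for a hypothetical PoS terminal that should run a fixed set of binaries and talk only to corporate systems and the card processor.

```python
import ipaddress

# Constructed baseline for a hypothetical PoS terminal image (all values are assumptions):
# expected process name -> SHA-256 of its binary, plus the only permitted destinations.
BASELINE_PROCESSES = {"pos_client.exe": "a" * 64, "updater.exe": "b" * 64}
ALLOWED_NETWORKS = [
    ipaddress.ip_network("10.20.0.0/16"),     # corporate systems (constructed)
    ipaddress.ip_network("198.51.100.0/24"),  # card processor (constructed)
]

def diff_against_baseline(snapshot):
    """Return sorted (kind, detail) findings for one endpoint snapshot."""
    findings, seen = [], set()
    for proc in snapshot["processes"]:
        name = proc["name"].lower()
        seen.add(name)
        expected = BASELINE_PROCESSES.get(name)
        if expected is None:
            findings.append(("unknown_process", name))
        elif proc["sha256"].lower() != expected:
            # Known name but different binary: replaced or masquerading executable.
            findings.append(("hash_mismatch", name))
    for name in BASELINE_PROCESSES.keys() - seen:
        # An expected process that is not running is also a deviation.
        findings.append(("missing_process", name))
    for conn in snapshot["connections"]:
        try:
            addr = ipaddress.ip_address(conn["remote_ip"])
        except ValueError:
            findings.append(("unparseable_address", str(conn["remote_ip"])))
            continue
        if not any(addr in net for net in ALLOWED_NETWORKS):
            detail = f'{conn["process"]} -> {addr}:{conn["remote_port"]}'
            findings.append(("unexpected_destination", detail))
    return sorted(findings)

# Constructed sample snapshot: one altered binary, one unknown process talking outbound.
SAMPLE_SNAPSHOT = {
    "processes": [
        {"name": "pos_client.exe", "sha256": "a" * 64},
        {"name": "updater.exe", "sha256": "c" * 64},
        {"name": "svchelper.exe", "sha256": "d" * 64},
    ],
    "connections": [
        {"process": "pos_client.exe", "remote_ip": "198.51.100.10", "remote_port": 443},
        {"process": "svchelper.exe", "remote_ip": "203.0.113.77", "remote_port": 8080},
    ],
}

if __name__ == "__main__":
    for kind, detail in diff_against_baseline(SAMPLE_SNAPSHOT):
        print(f"{kind}: {detail}")
```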
Alfred Chung is a Senior Product Manager with Guidance Software, and is responsible for the EnCase® Endpoint Security solution, an endpoint detection and response (EDR) tool, designed to detect known and unknown cyber threats and provide incident responders with capabilities to rapidly respond and remediate those threats.