How should retailers respond to the rising threat of POS attacks?

Over the past few years, retailers have faced an unprecedented increase in malicious attacks targeting POS systems. It is of no surprise that these machines are a desirable target for cyber criminals, as they process and store highly lucrative financial information. Unfortunately, the growing intensity of cyber-threats alongside pressure to keep up with technology innovation, is putting many retailers in a precarious situation.

Although this global trend of digitilisation improves customer experience, it often means that security is put on the back burner. This not only increases the risk of exposing financial data, it also affects their brand trust, compliance status and revenue. Large scale data breaches like Adidas, Carphone Warehouse and Superdrug prove that many retailers are not prioritising investment into their Cyber Security strategy.

Cyber Security should be at the forefront of business agenda for all retailers. As retailers depend on POS machines to process thousands of transactions daily, it would be counter intuitive to not protect these business critical systems. Unfortunatley, due to the number of credit cards used as part of their buying process, financially motivated criminals will always target retailers.  A successful POS attack can reap instant rewards for bad actors as they can quickly sell it on the dark web. To avoid this kind of damaging breach (and a hefty fine from the ICO), retailers need to take full responsibility for protecting these machines and the sensitive information they store.

In the past, the retail industry has made the mistake of viewing Cyber Security as a ‘checkbox’ activity. However, due to changing consumers attitudes towards data protection, more stringent compliance and security requirements have been introduced.  These include: PCI, SOX, HIPAA and state privacy regulations.

• One third of retailers lose revenue over targeted cyber-breaches. 16 percent of companies lose more than £800,000.
• Even though retailers know they are a prime target for cyber criminals, only 52 percent are confident that they have a proactive strategy which will protect them from the latest threats.
• Shockingly, only 61 percent of retailers feel they are compliant with retail security standards.
• A recent Cyber Security report by Alert Logic found that retail was the most targeted industry (85%) for web application attacks.

A POS attack involves deploying malware on a point-of-sale device which captures the financial information stored in the temporary memory. The cyber criminals can then connect remotely to the device to steal the credit card data. While some hackers develop the malicious code themselves, it can be easily purchased from the dark web.

Key loggers are a popular type of malware used in POS cyber breaches. Bad actors use this to monitor keystrokes at the POS terminal. Some advanced key logger attacks even use video to provide the most relevant financial data. One of the most prevalent methods of POS attacks involves using RAM scrapers. RAM scrapers are able to capture card data before it gets encrypted, the malware then digests the card information and transfers it to a file on the attacker’s computer.

Verizon listed point-of-sales system attacks in the ‘top 9’ cyber-attack vectors world-wide. Clearly retailers need to be taking a stronger stance against these increasingly sophisticated cyber breaches. But how can retailers secure their POS systems?

First of all, they should have security controls in place which allow them to differentiate between different types of malware and their specific capabilities. Retailers need to have full visibility of POS threats so that they can amend their security controls accordingly. As cliché as it sounds, you need to think like a hacker to effectively protect your critical data. By understanding the capabilities of the POS malware, retailers can develop a clear picture of how to stop hackers successfully conducting an attack. They can then implement a security strategy which aims to eradicate ‘the window of opportunity’ which hackers rely upon to gain entry to critical systems.

Tripwire is a powerful cyber security tool which can be used to reduce the risk of cyber-attacks, upgrade operations and achieve compliance.

Tripwire has recently introduced POS Threat Protection software which is bundled with the Tripwire Enterprise package. This software has the capability to detect unauthorized changes in POS devices, drifts in server configurations within the payments network and rogue connections to external sites.

POS devices should always have predictable configurations, which is why it is critical to monitor any unplanned changes. With Tripwire you are proactively alerted if any abnormal changes are discovered- in real time.