About Thawte

• Contact Us
• Worldwide Sites
• Why Thawte

The retail sector has recently experienced a rash of point of sales attacks in which hackers target the purchasing system to steal customer and company data. As large and small merchants continue to report infections of this kind, is becomes more important to understand how these attacks work and how organizations can work to prevent them.

The seven stages of POS malware
In the majority of cases, POS attacks take place due to malware infections. A recent Websense infographic noted that a typical POS malware attack goes through seven stages, depending upon the infiltration technique used.

In the first stage, hackers perform recon on the retailer to examine the POS system infrastructure being used. Cybercriminals will also seek details into the enterprise network topology to determine the best way to infect the platform. During the second stage, malicious individuals will work to lure users on the business side with an email or Web attack that either leverages a traffic redirect and exploit kid, or a dropper file.

In either case, the next step involves the use of a POSRAM, or RAM memory scraper to collect and send customer payment card information to an offsite location controlled by the cyberthieves. With the POSRAM in place, hackers have the ability to gather and decipher encrypted shoppers' sensitive information for a brief period of time. Once this data is captured, it is stored within a text file where it can be sold on the black market for profit.

POS attack techniques
In some POS attacks, cybercriminals utilize a strategy called "skimming," which eventually lead to the creation of POS-targeting malware. In a skimming attack, hackers deploy a device on the physical card reader to intercept payment card information. However, this is a difficult approach to leverage, especially on a large scale.

For this reason, cyberthieves began using malware as a means to copy card data once it is scanned by the card reader. These samples exploit a number of security issues, including a lack of protection measures demanded by industry standards. All groups that process, archive or transmit card information must follow the guidelines of the Payment Card Industry Data Security Standard. However, those that are noncompliant open themselves up to a range of exploitable protection issues used by hackers in POS attacks.

Additionally, when retailers do not have point-to-point encryption in place, it also leaves an open hole for hackers. This practice, along with software vulnerabilities, a sensitivity to malicious coding and the overall slow adoption of advanced payment card standards creates security vulnerabilities that cybercriminals will leverage in POS infiltrations.

How to protect against POS attacks
While there are several causes and techniques used by hackers to carry out POS attacks, there are also a number of approaches retailers can utilize to prevent them. This includes the use of a layered security system that has antivirus and antimalware software, filters and firewalls, as well as encryption, noted ITProPortal.

Websense also noted that several recent POS attacks involved malicious insiders that either carried out the infiltrations themselves, or shared sensitive information with hackers. In fact, a Identity Theft Research Center study showed that attacks due to insiders rose 80 percent in 2012, and those connected with third parties increased 67.9 percent. For this reason, business leaders should also work to identify internal threats by vetting current employees and any partners or outsourced vendors.

Additionally, vendors can ensure that their software programs are up-to-date and that only authorized programs are allowed to run within the network. Experts also recommend doubling up on encryption with the use of SSL certificates, and regularly testing security measure to guarantee their functionality.

Protect data in transit with an SSL certificate today.

corporate office

Thawte
The Gateway
Century Lane
Century City, 7441
Cape Town
South Africa

Postal Address:
P O Box 15986
Panorama 7500
Cape Town
South Africa

Call: +353 1 793 9141
Fax: +27 21 819 2950