If Only Marriott Had Used Continuous Endpoint Visibility Then Their Point Of Sale Attack Could Have Been Prevented – Charles Leaver

Written By Andy Wilson And Presented By Ziften CEO Charles Leaver

US retail outlets still appear to be an appealing target for attackers seeking payment card data: Marriott franchisee White Lodging Services Corp announced a data breach in the spring of 2015, impacting customers at 14 hotels throughout the nation from September 2014 to January 2015. This breach comes after White Lodging suffered a comparable breach in 2014. In both cases the criminals were reportedly able to compromise the Point-of-Sale systems of the Marriott lounges and restaurants at several locations run by White Lodging. The attackers were able to obtain the names printed on customers’ credit or debit cards, the card numbers, the security codes and the card expiration dates. Point-of-Sale systems were also the focus of recent breaches at Target, Neiman Marcus, Home Depot, and others.

Traditionally, Point-of-Sale (or POS) systems at most US retail outlets were “locked down” Windows devices running a small set of applications geared toward their function: ringing up the sale and processing the transaction with the credit card merchant or bank. Modern Point of Sale terminals are essentially PCs that run email clients, web browsers and remote desktop tools in addition to their transaction software. To be fair, they are usually deployed behind a firewall, but they are still ripe for exploitation. The best defenses can and will be breached if the target is valuable enough. For instance, the remote management tools used to administer and update Point of Sale systems are frequently hijacked by attackers for their own purposes.

The credit card or payment processing network is a totally separate, air-gapped and encrypted network. So how did the attackers manage to steal the card data? They took it while it sat in memory on the Point of Sale terminal during the payment process. Even if merchants don’t store credit card information, the data can be in an unencrypted state on the POS device while the payment transaction is verified. Memory-scraping POS malware such as PoSeidon, FindPOS, FighterPOS, and PunKey is used by the data thieves to harvest the payment card information in that unencrypted state. The harvested data is then typically encrypted and either collected directly by the attackers or sent out to the Internet, where the thieves retrieve it.

Ziften’s system provides continuous endpoint visibility that can discover and remediate these types of threats. Ziften’s MD5 hash analysis can discover new and suspicious processes or .dll files running in the Point of Sale environment. Ziften can also kill the process and collect the binary for further action or analysis. It is likewise possible to detect Point of Sale malware by alerting on Command and Control traffic: Ziften’s integrated Threat Intel and Custom Threat Feed options enable customers to alert when POS malware talks to C&C nodes. Lastly, Ziften’s historical data allows customers to begin the forensic evaluation of how the malware got in, what it did after it was installed and executed, and which other machines are infected.
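To make the hash-baseline and C&C-alerting approach concrete, here is an added example (not Ziften’s code or product logic) that triages constructed POS endpoint telemetry: process and .dll MD5s that are not in an approved image set, and outbound connections whose destination matches a threat feed. All hostnames, hashes and addresses are constructed placeholders.

```python
import hashlib
from collections import namedtuple

Proc = namedtuple("Proc", "host image md5")              # a running process or loaded .dll
Conn = namedtuple("Conn", "host image dst_ip dst_port")  # an outbound connection

def md5_of(data):
    return hashlib.md5(data).hexdigest()
# Constructed approved-image set; a real baseline holds hashes of the POS gold-image binaries.
BASELINE = {
    "pos.exe": md5_of(b"constructed pos.exe"),
    "payproc.dll": md5_of(b"constructed payproc.dll"),
}
# Constructed threat feed (TEST-NET documentation addresses, not real C&C nodes).
C2_FEED = {"203.0.113.50", "203.0.113.51"}

def find_unknown_binaries(inventory, baseline=BASELINE):
    """Flag images whose MD5 is unapproved: a never-seen binary, or a known name whose hash changed."""
    approved = set(baseline.values())
    findings = []
    for p in inventory:
        if p.md5 in approved:
            continue
        reason = ("hash mismatch for known image name" if p.image in baseline
                  else "binary not in POS baseline")
        findings.append((p.host, p.image, reason))
    return findings
def find_c2_beacons(connections, feed=C2_FEED):
    """Alert on outbound connections whose destination appears in the threat feed."""
    return [(c.host, c.image, c.dst_ip, c.dst_port) for c in connections if c.dst_ip in feed]

def triage(inventory, connections, baseline=BASELINE, feed=C2_FEED):
    """Correlate both signals: a host with an unapproved binary AND feed traffic is triaged first."""
    unknown = find_unknown_binaries(inventory, baseline)
    beacons = find_c2_beacons(connections, feed)
    suspect_hosts = {host for host, _, _ in unknown}
    priority = sorted({b[0] for b in beacons if b[0] in suspect_hosts})
    return {"unknown_binaries": unknown, "c2_beacons": beacons, "priority_hosts": priority}
# Constructed telemetry: one clean terminal, one with a tampered DLL and a dropper calling out.
INVENTORY = [
    Proc("pos-lobby-01", "pos.exe", BASELINE["pos.exe"]),
    Proc("pos-lobby-01", "payproc.dll", BASELINE["payproc.dll"]),
    Proc("pos-bar-03", "pos.exe", BASELINE["pos.exe"]),
    Proc("pos-bar-03", "payproc.dll", md5_of(b"constructed trojaned payproc.dll")),
    Proc("pos-bar-03", "svchost32.exe", md5_of(b"constructed unknown scraper")),
]
CONNECTIONS = [
    Conn("pos-lobby-01", "pos.exe", "198.51.100.10", 443),   # payment gateway, not in feed
    Conn("pos-bar-03", "svchost32.exe", "203.0.113.50", 8080),
]
```

Hosts in `priority_hosts` are the ones where killing the process, collecting the binary and pulling historical data for forensics should start; a hash mismatch on a known image name is treated as seriously as a never-seen binary, since a replaced DLL is how in-memory card data gets intercepted.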

It’s past time for retailers to step up their game and look for new solutions to protect their customers’ payment cards.
