Point-of-sale machines are one of the most important parts of the retail ecosystem. After all, without these devices, transactions couldn't take place, or would be incredibly slow with pencil and paper. Therefore, ensuring the functionality and security of these systems should be a high priority for any retailer. To avoid extra costs and potential damage to their reputations, companies need to understand the impact a POS breach could have and make sure they're taking the proper precautions.
In the past, the importance of POS security has entered the media limelight on numerous occasions. The most notable incident, or at least the one that got the most press time, was the infamous Target hack of 2013. The financial data of around 40 million people was stolen in one of the largest cyber security incidents on record. CNN reported in 2015 that the retail giant would have to pay a total of $10 million back to the customers whose data was accessed, up to $10,000 per person on a first-come, first-served basis. This attack was orchestrated by a piece of malware called BlackPOS.
This incident damaged Target's reputation, although the losses weren't crippling for the company. Smaller companies, however, may not have the same luxury. A data breach, according to The Ponemon Institute's 2015 report, can cost an average of $3.8 million per incident, and many companies may not come back from such an attack.
The serious consequences of having a compromised POS system can leave many businesses asking how to prevent these incidents. How do retailers make sure their machines are safe and malware-free?
It may be helpful to take a look at some common kinds of POS malware and see how they can infiltrate systems:
BlackPOS is the malware that was behind the attack on Target in 2013 and on other retailers, including Home Depot, in 2014. According to Trend Micro researchers, the source code for this malware was leaked in 2012, possibly leading to those particular attacks. Most recently, the malware strain was found to be a part of the Black Atlas operation that targeted retailers late last year.
In November, a security firm discovered a POS malware called ModPOS that was hitting retailers just before the holidays, according to Dark Reading contributor Sara Peters. This malicious program is cause for concern among security researchers, because it's more stealthy than BlackPOS and others that have been on the scene before. It's able to do more than just standard credit card scrapes; it also comes equipped with keylogger and uploader/downloader capabilities, which track keystrokes searching for passwords and could potentially add more pieces of malware to the systems, respectively.
In 2015, Trend Micro researchers found that FighterPOS was used to steal more than 22,000 unique credit card numbers. One single hacker was able to infiltrate more than 100 POS terminals in Brazil and elsewhere. Recently, it was discovered that the malware now has the ability to spread to other computers on a connected network, as well.
There are myriad forms of these kinds of malware. Some of them have even been known to target POS systems within supply chains and infiltrate companies in this manner. For instance, the Lenovo add-on Superfish, which came pre-loaded onto Lenovo computers at the beginning of 2015, presented some critical vulnerabilities and security issues.
Another danger looming on the horizon is the large groups of hackers that make up China's underground cyber criminal operations. According to Trend Micro security researcher Lion Gu, there are places on the Internet where malicious actors can go to purchase the tools they need to perpetrate these kinds of crimes. This now presents a distinct danger for retailers and businesses, because a worldwide network of hackers sharing information can lead to bigger threats than ever.
"Toolkits are becoming more available and cheaper; some are even offered free of charge," Gu wrote. "Prices are lower and features are richer. Underground forums are thriving worldwide, particularly in Russia, China, and Brazil. These have become popular means to sell products and services to cyber criminals in the said countries. Cyber criminals are also making use of the Deep Web to sell products and services outside the indexed or searchable World Wide Web, making their online 'shops' harder for law enforcement to find and take down."
Gu's research homes in on the mobile underground in China, in particular. Among the tools available for hackers to purchase are premium service numbers, SMS forwarders and SMS spamming devices. All of these are essential in the everyday cyber criminal's toolkit for perpetrating online attacks, and they're able to find all of these on the underground marketplace in China. These cyber criminals have been able to keep up with technological advancements and current trends, so it's critical that retailers make sure they're also staying on top of their security enhancements as the malware landscape becomes more complicated.
As Gu mentioned, China isn't the only country with a healthy network of hackers operating just below the surface. Brazil, especially, is a place where the underground network of cyber crime is thriving. Trend Micro threat researchers reported recently that cyber criminals are now offering training courses and specific tools to would-be hackers for a price on the underground market.
There are many different kinds of malware waiting to infiltrate sales machines, and more are being created every day. POS security, therefore, is paramount.
How do you keep your machines safe?
Because of the personal nature of the financial information moving through their POS systems on a daily basis, it's critical for retailers to make sure their devices are secure. The nature of some of these attacks – like ModPOS – is to stealthily wait on your system, gathering your customers' data and personal information. A breach of this nature could lead to significant financial and reputational loss.
POS machines contain sensitive financial data, and it's crucial for retailers to make sure they're protecting these devices effectively. Where possible, it's critical to apply endpoint security to your POS devices. In addition, network-based protections can augment the current endpoint security solutions, or at the very least can provide greater protection against intrusion in those situations where endpoint security isn't feasible. In other words, investing in security solutions can make a difference in the long run and prevent damage.