• TREND MICRO

Keep your POS machines safe

  • Posted on: March 24, 2016
  • Posted in: Industry News
  • Posted by: Noah Gamer
Point-of-sale machines can be compromised by malware.

Point-of-sale machines are one of the most important parts of the retail ecosystem. After all, without these devices, transactions couldn't take place, or would be incredibly slow with pencil and paper. Therefore, ensuring the functionality and security of these systems should be a high priority for any retailer. If they don't want to incur extra costs and potentially damage their reputations, companies need to understand the impact a POS breach could have and make sure they're taking the proper precautions.

In the past, the importance of POS security has entered the media limelight on numerous occasions. The most notable incident, or at least the one that got the most press time, was the infamous Target hack of 2013. The financial data of around 40 million people was stolen in one of the largest cyber security incidents on record. CNN reported in 2015 that the retail giant would have to pay a total of $10 million back to the customers whose data was accessed, up to $10,000 per person on a first-come, first-served basis. This attack was orchestrated by a piece of malware called BlackPOS.

This incident damaged Target's reputation, although the losses weren't crippling for the company. Smaller companies, however, may not have the same luxury. A data breach, according to The Ponemon Institute's 2015 report, can cost an average of $3.8 million per incident, and many companies may not come back from such an attack.

The serious consequences of having a compromised POS system can leave many businesses asking how to prevent these incidents. How do retailers make sure their machines are safe and malware-free?

POS malware

It may be helpful to take a look at some common kinds of POS malware and see how they can infiltrate systems:

BlackPOS
This is the malware that was behind the attack on Target in 2013 and other retailers, including Home Depot, in 2014. According to Trend Micro researchers, the source code for this malware was leaked in 2012, possibly leading to those particular attacks. Most recently, the malware strain was found to be a part of the Black Atlas operation that targeted retailers late last year.

ModPOS
In November, a security firm discovered a POS malware called ModPOS that was hitting retailers just before the holidays, according to Dark Reading contributor Sara Peters. This malicious program is cause for concern among security researchers because it's stealthier than BlackPOS and others that have been on the scene before. It's able to do more than just standard credit card scrapes; it also comes equipped with a keylogger, which tracks keystrokes in search of passwords, and uploader/downloader capabilities, which could potentially add more pieces of malware to the systems.

FighterPOS
In 2015, Trend Micro researchers found that FighterPOS was used to steal more than 22,000 unique credit card numbers. A single hacker was able to infiltrate more than 100 POS terminals in Brazil and elsewhere. Recently, it was discovered that the malware now has the ability to spread to other computers on a connected network as well.

Others
There are myriad forms of these kinds of malware. Some of them have even been known to target POS systems within supply chains and infiltrate companies in this manner. For instance, the Lenovo add-on Superfish, which came pre-loaded onto Lenovo computers at the beginning of 2015, presented some critical vulnerabilities and security issues.

Underground hackers

Another danger looming on the horizon is the large groups of hackers that make up China's underground cyber criminal operations. According to Trend Micro security researcher Lion Gu, there are places on the Internet where malicious actors can go to purchase the tools they need to perpetrate these kinds of crimes. This now presents a distinct danger for retailers and businesses, because a worldwide network of hackers sharing information can lead to bigger threats than ever.

"Toolkits are becoming more available and cheaper; some are even offered free of charge," Gu wrote. "Prices are lower and features are richer. Underground forums are thriving worldwide, particularly in Russia, China, and Brazil. These have become popular means to sell products and services to cyber criminals in the said countries. Cyber criminals are also making use of the Deep Web to sell products and services outside the indexed or searchable World Wide Web, making their online "shops" harder for law enforcement to find and take down."

Gu's research homes in on the mobile underground in China, in particular. Among the tools available for hackers to purchase are premium service numbers, SMS forwarders and SMS spamming devices. All of these are essential in the everyday cyber criminal's toolkit for perpetrating online attacks, and they're able to find all of these on the underground marketplace in China. These cyber criminals have been able to keep up with technological advancements and current trends, so it's critical that retailers make sure they're also staying on top of their security enhancements as the malware landscape becomes more complicated.

As Gu mentioned, China isn't the only country with a healthy network of hackers operating just below the surface. Brazil, especially, is a place where the underground network of cyber crime is thriving. Trend Micro threat researchers reported recently that cyber criminals are now offering training courses and specific tools to would-be hackers for a price on the underground market.

There are many different kinds of malware waiting to infiltrate sales machines, and more are being created every day. POS security, therefore, is paramount.

How do you keep your machines safe?

Because of the personal nature of the financial information moving through their POS systems on a daily basis, it's critical for retailers to make sure their devices are secure. The nature of some of these attacks – like ModPOS – is to stealthily wait on your system, gathering your customers' data and personal information. A breach of this nature could lead to significant financial and reputational loss.

POS machines contain sensitive financial data, and it's crucial for retailers to make sure they're protecting these devices effectively. Where possible, it's critical to apply endpoint security to your POS devices. In addition, network-based protections can augment the current endpoint security solutions, or at the very least can provide greater protection against intrusion in those situations where endpoint security isn't feasible. In other words, investing in security solutions can make a difference in the long run and prevent damage. 
