2014 can be remembered as the year when PoS malware attacks became truly widespread. Many retailers and other businesses became victims of these attacks, which resulted in financial losses and embarrassment for their victims. One can ask: how do these organizations become victims of PoS malware in the first place?
Most of the methods used to compromise a system with PoS malware are broadly similar to those used by any other malware. In our paper titled PoS RAM Scraper Malware, we discussed some possibilities, including:
- A malicious insider
Employees of an organization could decide to plant PoS malware on the relevant systems. This is one of the hardest threats to defend against, and as far as PoS malware is concerned, one of the earliest scrapers was first discovered in air-gapped PoS systems. To this day, some PoS malware families dump stolen data directly to a USB stick.
- Phishing/social engineering
Phishing is one of the oldest techniques around to compromise a network, and it’s still very effective. This risk is particularly acute in small businesses, which tend to use a PoS system not just for payment purposes, but for others as well (such as email, browsing, and social media). This increases the risk that various social engineering attacks will prove to be successful.
- Vulnerability exploitation
PoS systems are frequently not updated, partially at the behest of terminal vendors who may have something of a “it’s not broke, don’t fix it” mentality. Unfortunately, this means that these systems are vulnerable to many exploits that attackers regularly try to use. This can be a problem particularly in cases where PoS systems are used for other purposes.
- Non-compliance with PCI DSS guidelines
The payment industry’s PCI DSS guidelines are supposed to mandate best practices within the industry, but in some cases these are not followed. The causes for non-compliance may vary, but the end result is the same: poor implementation of best practices allows various “small” incidents to leak payment information.
- Targeted attacks
More sophisticated attacks may also be used to target a business’s PoS systems. For example, targeting a third-party contractor with access to a company’s network may be easier than targeting the company directly.
Whatever the infection vector may be, a variety of technologies can be used to detect these threats. Deep packet inspection tools can help detect the network traffic associated with these attacks. Most importantly, given that the functions performed by PoS systems are sufficiently limited in scope, they represent an ideal situation for application control, which would make launching malware attacks of any kind significantly more difficult.
The infographic, Protecting Point of Sales Systems from PoS Malware, outlines how a PoS attack takes place, and what steps need to be taken to protect against them.