The retail industry has been hit hard by cyberattacks, as cybercriminals target huge piles of credit card data and personally identifiable customer information. One of the most common attack vectors has been through compromised Point of Sale (POS) systems. Hackers have targeted POS systems to gain entry into the retailer’s network since these systems are generally the least secure link in any retailer’s network infrastructure.
What is a POS Attack?
A POS attack takes advantage of vulnerable POS systems by deploying malware which allows the attacker to steal financial data stored in the system’s temporary memory. An attacker may use keyloggers to record keystrokes or RAM scrapers to capture card data before encryption. The malware then makes a connection with the attacker’s system to exfiltrate data outside the retailer’s network. Sophisticated malware attacks may also use a POS system to access the retailer’s corporate network and move laterally – eventually establishing connections with critical servers, applications, and databases to exfiltrate large volumes of data.
Why Point of Sale Systems Are Easy Targets
The simple answer is most retailers don’t update their POS systems with the latest security solutions, and instead make do with run-of-the-mill antivirus software to meet bare minimum security requirements. Here are some reasons why POS systems are soft targets for attacks:
Operating System Vulnerabilities
Most POS attacks succeed because of vulnerabilities in the operating system. The reality is that many retailers still run their endpoints on Windows XP (which Microsoft no longer supports) or other legacy software versions of Linux. Upgrading to a new OS is a huge capital and operational expense, especially when there are thousands of POS systems to consider – which is why most retail organizations settle for antivirus software as a weak safety mechanism.
Software Patch Management
OEMs do not always discover vulnerabilities in the OS in time. Even if they do, creating a patch, testing, and deploying it could take months and sometimes even years. With attacks increasing in frequency and sophistication, waiting for patches renders POS systems vulnerable to threats. Attackers are quick to exploit such vulnerabilities to infect multiple POS systems across the retailer’s network. Also, the lack of sound data governance and ignoring compliance requirements (such as those that comprise PCI-DSS 4.0) can result in massive breaches compromising millions of customers’ personal records and credit card data.
Reactive Security Approach
Commonly used signature-based antivirus software relies on the “known bad” (signatures or behaviors) and is not capable of preventing unknown threats or zero-day attacks. Retailers need to shift from reactive security solutions and start taking a proactive approach to secure their network and POS systems.
How Retailers Can Prevent POS Attacks
Retailers of all sizes would be well served to acknowledge the unfortunate fact that antivirus software is not capable of protecting against the range of malware used by hackers today. From fileless malware to zero-day attacks, hackers have been using advanced methods to easily circumvent antivirus security solutions and compromise POS systems to access valuable credit card information. The security measures below can help retailers protect their POS systems and safeguard their customers from credit card fraud.
Gain Complete Visibility
Most security professionals in the retail industry have no unified visibility into geographically distributed POS system processes. Having visibility allows security operators to identify processes that are required to run on any given POS system while shutting down processes that may be unnecessary or suspicious. Real-time visibility enables security teams to detect, alert, and prevent unauthorized and potentially dangerous processes.
Lock Down POS Systems
Security teams can successfully lock down POS systems by using technology that whitelists authorized processes – and detects and shuts down any other process before execution. Enabling process lockdown can protect POS systems, including unpatched and legacy systems, from zero-day threats, fileless malware, ransomware, advanced persistent threats (APTs), return-oriented programming (ROP), remote access trojan (RAT), and many other types of malware.
Deploy Efficient Solutions
Retail staff at the counter keeps changing, and customers expect billing to be quick for every single transaction. Keeping these industry requirements in mind, any security solution you deploy should be light enough to run without impacting business, and it should be completely invisible to the end-user. This will reduce any additional cost incurred in teaching cyber hygiene to your employees, and it will ensure that billing takes place seamlessly.
According to the Ponemon Institute’s 2019 Global State of Cybersecurity in Small and Medium-Sized Businesses report, 61% of retailers experienced a cyberattack within the past year, with an average cost of $1.9 million from the disruption of normal operations. Though the direct monetary impact of a breach is important, the retail industry should also consider the deterioration in brand value and customer trust in the event of a breach. As an industry that heavily invests in advertising and promoting word-of-mouth to build trust, retailers need to hold on to that hard–earned trust by ensuring the protection of customer and financial data collected at every POS terminal.
Get Proactive Security for POS Systems
ColorTokens Xprotect gives retailers a powerful tool to secure POS systems. It utilizes a zero-trust approach that allows only company-sanctioned applications and processes to run – enabling businesses to stay a step ahead of even complex and zero-day threats.
Sign up for a free demo today to see how Xprotect can protect your retail organization from advanced cyber threats.