Charles Leaver – Avoiding The POS Breach Would Have Been Possible If Marriott Had Employed Continuous Endpoint Visibility

Written By Andy Wilson And Presented By Ziften CEO Charles Leaver

US retail outlets still appear to be an attractive target for cyber criminals seeking payment card data: Marriott franchisee White Lodging Services Corp announced a data breach in the spring of 2015 affecting customers at 14 hotels across the country between September 2014 and January 2015. This follows a similar attack on White Lodging in 2014. In both cases the attackers reportedly compromised the point-of-sale (POS) systems of the Marriott lounges and restaurants at several locations run by White Lodging, obtaining the names printed on customers’ credit or debit cards, the card numbers, the security codes and the expiration dates. POS systems were also the target of recent breaches at Target, Neiman Marcus, Home Depot and others.

Traditionally, POS systems at US retail outlets were “locked down” Windows devices running a small set of applications dedicated to their function: ringing up the sale and processing the transaction with the card issuer or merchant acquirer. Modern POS terminals are essentially PCs that run email clients, web browsers and remote desktop tools alongside their transaction software. To be fair, they are usually deployed behind a firewall, but they remain ripe for exploitation; the best defenses can and will be breached if the target is valuable enough. The remote control tools used to manage and update POS systems, for example, are routinely hijacked by attackers for their own purposes.

The card payment processing network is a separate, segregated and encrypted network. So how did the attackers steal the card data? They took it from the memory of the POS terminal while the payment was being processed. Even when a merchant never stores card data, the data sits unencrypted in the POS application’s memory while the transaction is authorized. Memory-scraping POS malware such as PoSeidon, FindPOS, FighterPOS and PunKey harvests the card data during that unencrypted window. The stolen data is then typically encrypted and staged on the terminal for the attackers to retrieve, or sent to a web server they control.
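To make the memory-scraping step concrete, here is an added example (not code from Ziften or from any of the malware families named above) that does what a scraper’s core loop does: sweep a buffer of process memory for Track 1 and Track 2 magstripe records and keep only digit runs that pass the Luhn check, which is how real scrapers avoid drowning in false positives. The buffer is constructed; on a live terminal a scraper would fill it by reading the payment application’s memory (for instance with ReadProcessMemory on Windows), and a defender can run the same sweep to prove whether a given process ever holds cleartext card numbers. Results are masked to the last four digits.

```python
"""Finding unencrypted magstripe track data in a memory buffer.

Added illustration, not Ziften's code and not the malware's. SAMPLE_MEMORY
is constructed; a real scraper (or a defensive scan) would fill the buffer
with pages read from the POS application's process memory.
"""
import re

# Track 2: PAN (13-19 digits) '=' expiry YYMM, 3-digit service code,
# discretionary data, optional end sentinel '?'
TRACK2_RE = re.compile(rb"(\d{13,19})=(\d{4})\d{3}\d*\??")
# Track 1 format B: '%B' PAN '^' cardholder name '^' expiry YYMM ...
TRACK1_RE = re.compile(rb"%B(\d{13,19})\^([^^]{2,26})\^(\d{4})")


def luhn_ok(pan: bytes) -> bool:
    """Mod-10 check: filters out digit runs that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = ch - 48                      # ASCII digit to int
        if i % 2 == 1:                   # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask(pan: bytes) -> str:
    """Keep only the last four digits when reporting a hit."""
    return "*" * (len(pan) - 4) + pan[-4:].decode()


def scan_buffer(buf: bytes) -> list:
    """Return masked hits for every Luhn-valid track record found in buf."""
    hits = []
    for m in TRACK1_RE.finditer(buf):
        if luhn_ok(m.group(1)):
            hits.append({"track": 1, "pan": mask(m.group(1)),
                         "name": m.group(2).decode(errors="replace"),
                         "exp": m.group(3).decode()})
    for m in TRACK2_RE.finditer(buf):
        if luhn_ok(m.group(1)):
            hits.append({"track": 2, "pan": mask(m.group(1)),
                         "exp": m.group(2).decode()})
    return hits


# Constructed stand-in for a slice of POS process memory: one Track 1
# record, one Track 2 record, and one digit run with a bad check digit.
SAMPLE_MEMORY = (
    b"\x00\x00GET /status HTTP/1.1\r\n\x00\x00"
    b"%B5500000000000004^DOE/JANE^2512101000000000?\x00\x00"
    b"random 12345678901234=1234 text\x00"
    b"4111111111111112=25121011000012345?\x00\x00"   # fails Luhn, must be ignored
    b"4111111111111111=25121011000012345?\x00\x00"
)

if __name__ == "__main__":
    for hit in scan_buffer(SAMPLE_MEMORY):
        print(hit)
```

The same sweep, run by the defender against the payment application rather than by the attacker, answers the question the paragraph raises: whether cardholder data is ever present in cleartext on the terminal, and for how long.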

Ziften’s solution provides continuous endpoint visibility that can detect and remediate these kinds of threats. Ziften’s MD5 hash analysis can identify new and suspicious processes or .dll files running in the POS environment, and Ziften can kill the process and collect the binary for further analysis or action. POS malware can also be detected by alerting on command-and-control traffic: Ziften’s integrated threat intel and custom threat feed options let customers alert when POS malware talks to C&C nodes. Finally, Ziften’s historical data lets customers kick-start the forensic investigation of how the malware got in, what it did once installed and executed, and which other devices are infected.
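As an added example of the hash-based “new or suspicious process or .dll” check (this is not Ziften’s product code; the directory layout, file names and golden-image baseline are all constructed), the script below inventories the executables on a POS image, records their MD5 and SHA-256, and later diffs the live host against that baseline. It keys the comparison on SHA-256 rather than on path, so an overwritten register.exe is caught the same way as a newly dropped DLL; it keeps the MD5 alongside because threat-intel feeds still index on it; and it stages each unknown binary in a quarantine directory, named by hash, for later analysis.

```python
"""Baseline-and-diff of executable hashes on a POS host.

Added example, not Ziften's code. demo() builds a constructed golden image
in a temporary directory, then simulates a dropped DLL and a trojaned EXE
and reports what an endpoint check would flag and collect.
"""
import hashlib
import json
import shutil
import tempfile
from pathlib import Path

EXEC_SUFFIXES = {".exe", ".dll", ".sys"}


def file_hashes(path: Path) -> dict:
    """MD5 (for threat-intel lookups) and SHA-256 (for the comparison)."""
    md5, sha256 = hashlib.md5(), hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            md5.update(chunk)
            sha256.update(chunk)
    return {"md5": md5.hexdigest(), "sha256": sha256.hexdigest()}


def inventory(root: Path) -> dict:
    """Map relative path -> hashes for every executable under root."""
    return {
        p.relative_to(root).as_posix(): file_hashes(p)
        for p in sorted(root.rglob("*"))
        if p.is_file() and p.suffix.lower() in EXEC_SUFFIXES
    }


def unknown_binaries(root: Path, baseline: dict) -> list:
    """Executables whose SHA-256 is not in the golden-image baseline.

    Keyed on hash, not path, so a file overwritten in place is flagged
    just like a brand-new file."""
    known = {v["sha256"] for v in baseline.values()}
    return [
        {"path": rel, **h}
        for rel, h in inventory(root).items()
        if h["sha256"] not in known
    ]


def collect(root: Path, findings: list, quarantine: Path) -> list:
    """Copy each unknown binary to quarantine, named by hash, for analysis."""
    quarantine.mkdir(parents=True, exist_ok=True)
    staged = []
    for f in findings:
        dst = quarantine / f"{f['sha256']}{Path(f['path']).suffix}"
        shutil.copy2(root / f["path"], dst)
        staged.append(dst)
    return staged


def demo() -> list:
    """Constructed golden image, then a dropped DLL and a patched EXE."""
    with tempfile.TemporaryDirectory() as d:
        tmp = Path(d)
        pos = tmp / "pos"
        (pos / "app").mkdir(parents=True)
        (pos / "app" / "register.exe").write_bytes(b"MZ register v1")
        (pos / "app" / "cardio.dll").write_bytes(b"MZ cardio v1")
        baseline = inventory(pos)                       # taken at deployment
        (tmp / "baseline.json").write_text(json.dumps(baseline, indent=1))

        # Later on the live host: an extra DLL appears and register.exe
        # is overwritten in place with a different binary.
        (pos / "app" / "winsrv.dll").write_bytes(b"MZ memory scraper")
        (pos / "app" / "register.exe").write_bytes(b"MZ register trojaned")

        findings = unknown_binaries(pos, baseline)
        collect(pos, findings, tmp / "quarantine")
        return findings


if __name__ == "__main__":
    for f in demo():
        print(f["path"], f["md5"], f["sha256"])
```

On a real terminal the inventory would be taken from the running process list and loaded modules rather than a directory walk, and the baseline from the signed golden image; the comparison and collection steps are the same.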

It is past time for retailers to step up their game and look for new solutions to protect their customers’ payment cards.