Page 58 - Cyber Warnings
THE HIDDEN THREATS WITHIN OUR NATION'S POS SYSTEMS
By Carolyn Crandall
There are escalating security vulnerabilities at work in the nation's point-of-sale (POS) systems.
This situation can be quite serious, and it deserves immediate attention and
accompanying remediation.
In the last ten years there have been over 1,350 breaches made public within retail and
business organizations. In 2016 alone, high profile breaches from Wendy’s, Eddie Bauer, Vera
Wang, and Omni Hotels have shaken these companies and left impacted customers angry and
frustrated.
I predict 2017 will see a large increase in high profile POS attacks, largely due to the high
probability that retailers have already been breached and attackers are already active
throughout many networks, undetected and unchecked.
Point-of-sale (POS) breaches are a major contributor to the loss of credit card and personal
information. Yet they remain among the most difficult to protect against, owing to historic
vulnerabilities at the device endpoints, the inability to apply additional security measures such
as encryption to transaction data, POS-targeted macro threats, and the increased use of the Tor
network to easily facilitate the sale of stolen information.
Throughout 2016, attackers shifted their focus from retailers to restaurants to hotel chains,
targeting the organizations with the least robust security solutions. Their focus appears to
move in waves, and it is suspected that the attackers are gearing up for a new wave of high-profile
attacks, driven by the attractive financial gain associated with large-scale breaches. The average
cost of a breach, for example, has risen to $165 per record, as stated in the 2015 Cost of Data Breach
Study: Global Analysis. A smaller retailer may have 30,000 to 50,000 records in its database,
whereas a larger organization could have hundreds of thousands to millions of records that can
be turned into an attractive attacker payout.
It is said that over 50% of the threats to retailers come from malicious code that steals login
credentials and from malware that infects networks to watch and record specific transactions. There
is also reason to believe that POS malware families are interconnected: they have been used against
similar types of targets, followed the same attack methodology, and reused code extensively. One
observation that could be made is that, given these similarities, multiple cybercriminal gangs might
be collaborating on tools, techniques and practices. It also appears that in many cases new
versions of malware are being introduced in modified form from their original release.
An example of this is the POS malware AbaddonPOS, which is making the rounds again—
aimed specifically at retailers. First discovered in October 2015, it arrives through an email
campaign designed to drop TinyLoader and then the malware itself. The emails are highly
personalized, with recipients' names, key company details and better-than-average grammar.
Once the user clicks, the command-and-control servers are contacted, while TinyLoader grabs
a new Abaddon version which tests whitelist/blacklist implementations and changes the way it
58 Cyber Warnings E-Magazine December 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide