POS Malware On The Rise

It seems almost daily there is a story in the news about another retail chain whose credit card system has been hacked. Over the last few months, the number of computers running point-of-sale (POS) systems that have been infected with a class of malware designed to target them has grown by over 50%. Security experts believe that thousands of small and large retailers may be infected and not even know it.

One of the more publicized pieces of malware, called “Backoff”, is responsible for a number of recent breaches. The malware scans the computer’s RAM for traces of data left behind after a card is scanned, including the card numbers and the cardholder’s information, then reports it back to the hacker’s network. Other similar malware records keystrokes and data stored on the POS computer and sends them back to the attacker, who pulls credit card information from them.

I know that most of my readers are not in the retail business; however, I am certain many of you know someone or provide services to someone who operates a retail business. These folks need to take a look at their POS computers and make sure they are as secure as possible to prevent a potential data breach.

As with any system on your network, the POS computers should be secured from attacks using best practices. First, an administrator account should not be used for daily access to the computer. The login used should be limited to running the POS and any other common activities associated with the daily use of the system. Complex passwords that have to be changed regularly will also keep many potential threats at bay. The antivirus software should be up to date and have the latest virus definitions installed. Many of these POS viruses use the Remote Desktop Protocol (RDP) to send and receive data. If you can, RDP should be completely disabled on POS computers.

Because the POS devices should not be accessing the Internet for much, you can use devices like your network firewall to log their connections to the Internet and look for strange connections that should not be coming from a POS device. You can even block access to everything on the Internet from the POS and allow only the few websites it does need at your firewall or router. Logically separating your POS system from the rest of your network, using VLAN technology and access rules to police traffic between the networks, adds another layer of protection to these devices.
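The firewall-log review described above, as an added example that is not part of the original post: it flags connections from POS terminals to destinations outside an allowlist, plus any RDP connection to a POS terminal. The key=value log format, the POS subnet and all addresses are constructed for illustration.

```python
import ipaddress
import re

# Assumptions (constructed for this example): POS terminals sit in their own
# VLAN subnet, and the firewall writes key=value lines with src/dst/dport/action.
POS_SUBNET = ipaddress.ip_network("10.20.30.0/24")
# The few destinations the POS is known to need, as (ip, port). Placeholder values.
ALLOWED_DESTINATIONS = {("203.0.113.10", 443), ("203.0.113.11", 443)}
RDP_PORT = 3389
FIELD_RE = re.compile(r"(\w+)=(\S+)")

# Constructed sample log, not taken from a real firewall.
SAMPLE_LOG = """\
2024-01-01T09:01:02 action=allow src=10.20.30.15 dst=203.0.113.10 dport=443
2024-01-01T09:01:40 action=allow src=10.20.30.15 dst=198.51.100.77 dport=80
2024-01-01T09:03:11 action=allow src=192.168.1.50 dst=10.20.30.15 dport=3389
2024-01-01T09:04:00 action=deny src=10.20.30.16 dst=198.51.100.77 dport=443
2024-01-01T09:05:00 action=allow src=192.168.1.50 dst=198.51.100.77 dport=443
this line is malformed and is skipped
"""

def review(log_text):
    """Return (line_number, reason, line) for every entry worth a look."""
    findings = []
    for number, line in enumerate(log_text.splitlines(), start=1):
        fields = dict(FIELD_RE.findall(line))
        try:
            src = ipaddress.ip_address(fields["src"])
            dst = ipaddress.ip_address(fields["dst"])
            dport = int(fields["dport"])
        except (KeyError, ValueError):
            continue  # not a connection record
        if dst in POS_SUBNET and dport == RDP_PORT:
            findings.append((number, "RDP connection to a POS terminal", line))
            continue
        leaves_pos_vlan = src in POS_SUBNET and dst not in POS_SUBNET
        if leaves_pos_vlan and (str(dst), dport) not in ALLOWED_DESTINATIONS:
            # A denied attempt still matters: something on the POS tried it.
            verdict = "blocked attempt" if fields.get("action") == "deny" else "ALLOWED connection"
            findings.append((number, f"{verdict} to non-allowlisted destination", line))
    return findings

if __name__ == "__main__":
    for number, reason, line in review(SAMPLE_LOG):
        print(f"line {number}: {reason}: {line}")
```

An allowed connection to a destination off the list means the firewall rules are looser than intended; a blocked one means the rules held but the terminal itself deserves a closer look.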

Hackers will always look for the easiest target. Like any thief, they are criminals of opportunity. Smaller retailers may not be making the news like Home Depot and Dairy Queen, but make no mistake: the threat is just as real for the mom-and-pop retail store or restaurant using POS in their business.
