Check Point Software Technologies is predicting that attacks on Point of Sale (PoS) terminals will increase in 2016. With over seven billion credit cards in circulation worldwide, fraud in the retail sector is also likely to continue to rise, as cyber attackers bid to steal millions of identity and credit card records as well as other data and merchandise.
A 2015 report from digital security firm, Gemalto, estimates that one billion data records were compromised across 1,500 attacks last year. More than half of these attacks involved the retail industry, with much of the focus on point-of-sale (PoS) systems.
Larger breaches in 2016 will be the result of custom malware that is designed to bypass even the most sophisticated security defenses. Giant retail corporations will be targeted, but start-up companies will also be vulnerable to attacks because they don’t have as many resources to strengthen their defenses.
Methods of payment are also becoming more digital as consumers are increasingly using mobile devices to make purchases. Mobile PoS systems are beneficial for retailers, but can also put customer data at risk. Digital currencies like PayPal, Apple Pay, and Google Wallet can provide new attack surfaces for hackers to exploit.
Check Point advises retailers to add layers of security for stronger protection while also taking the time to teach their employees about proper use of PoS systems and learn the signs that tell when security might have been breached.
Consumers can also take precautions in order to minimise the impact of a data breach. In addition to staying aware of phishing attempts and malware-installing websites, shoppers should regularly monitor their accounts to flag any suspicious activity.
Check Point advises retailers to follow these key steps to ensure the highest levels of security:
Protection starts at the edge
Good security starts at the edge, which in the case of the retail industry means store locations and PoS terminals.
PoS terminals typically run a fairly simple operating system without a lot of heavy security protection. This makes them easy targets. They are often not updated regularly with modern anti-virus software; worse, they are usually connected both to each other and to a corporate network. Infect one and it is simple to infect them all.
How to spot a hack
IT departments have to be savvy across a range of topics to keep complex networks operating; expand business capabilities; and maintain safety. Knowing when something looks suspicious speeds both the detection and defusing of malware on your network.
Following are four steps to help spot and identify the attributes of a suspicious set of files.
1. Be suspicious of the almost ordinary
Malware is often made up of rogue files designed to hide in plain sight. Cybercriminals use file names that look familiar, embed digital certificates that appear valid, and insert comments in their code to signal it was written by a valid company. On the surface, everything may look reasonable, but any kind of close inspection will uncover flaws.
2. Know what questions need answering
Once you identify a set of files that might be malware, focus your search efforts by asking questions such as:
- What can you discern about the nature of the files?
- What is the malware’s purpose and target?
- How was the malware was inserted?
- Can you uncover how the malware extracts data?
Each piece of data can provide clues and pointers to more data. Before you know it, a picture of the threat and possible damage will emerge.
3. Isolate, then investigate
There are two main methods for analysing malicious files: Static analysis that gathers evidence from the binary file without actually running it, and dynamic analysis that runs the file and observes its behaviour. Dynamic analysis is best performed using threat emulation technologies and tools, as they isolate and protect your data from malware. It is also important to realise that cyber criminals often produce their own fake analysis tools, so it’s best to stick with industry-standard, open source tools from a reputable source.
4. Follow the trail
As you analyse suspect files, try to identify the nature of the files, their capabilities, estimate the damage potential and explain how the malware extracts data. Finally, look for clues about the identity of the actors behind the malware.
Securing the network
Good security for the PoS terminals must be supported by proactive protection of the company network. This requires real-time preventative tools and strategies. For example, whether at rest or in transit, data should be protected using encryption. Networks should be segmented using secure communications and strict access controls that monitor traffic from segment to segment, limiting movement and reducing risk. In addition, every company should have in place a network protection plan.
“From the numerous data breaches that occurred in 2015, it’s evident that cybercriminals are going to continue looking for vulnerabilities in PoS systems. Retailers today might be compromised without even knowing it. As we head into the new year, it’s essential for businesses to be proactive and implement advanced solutions to secure their PoS networks from data and credit card breaches. Companies can stay ahead of cybercrime by making it their highest priority to protect their customers and businesses from any PoS attack,” saidPhilip Dimitriu, Regional Systems Engineer Director – ANZ, Check Point.
Follow Check Point via:
Check Point Blog, Twitter, Facebook, YouTube and LinkedIn
About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. (www.checkpoint.com), is the largest pure-play security vendor globally, provides industry-leading solutions, and protects customers from cyberattacks with an unmatched catch rate of malware and other types of attacks. Check Point offers a complete security architecture defending enterprises’ networks to mobile devices, in addition to the most comprehensive and intuitive security management. Check Point protects over 100,000 organisations of all sizes. At Check Point, we secure the future.