Continuous Endpoint Visibility May Have Averted The Marriott Point Of Sale Attack – Chuck Leaver

Written By Andy Wilson And Presented By Ziften CEO Chuck Leaver

US retail outlets remain an attractive target for attackers seeking payment card data. In spring 2015 Marriott franchisee White Lodging Services Corp announced a data breach affecting customers at 14 hotels across the country between September 2014 and January 2015. This incident follows a similar attack on White Lodging in 2014. In both cases the attackers reportedly compromised the Point-of-Sale systems of the Marriott lounges and restaurants at several locations operated by White Lodging, and obtained the names printed on customers' credit or debit cards, the card numbers, the security codes and the expiration dates. Point-of-Sale systems were also the focus of recent breaches at Target, Neiman Marcus, Home Depot and others.

Traditionally, Point-of-Sale (POS) systems at most US retail outlets were locked-down Windows devices running a small set of applications dedicated to their function: ringing up the sale and processing the transaction with the card-issuing bank or the merchant's payment processor. Modern POS terminals are essentially PCs that run e-mail clients, web browsers and remote desktop tools alongside the transaction software. To be fair, they are usually deployed behind a firewall, but they remain ripe for exploitation. The best defenses can and will be breached if the target is valuable enough. For example, the remote-control tools used to manage and update POS systems are frequently hijacked by attackers for their own purposes.

The card payment processing network is a separate, air-gapped and encrypted network. So how did the attackers steal the card data? They took it from memory on the POS terminal while the payment was being processed. Even when merchants do not store card data, it can sit unencrypted on the POS machine while the transaction is authorized. Memory-scraping POS malware such as PoSeidon, FindPOS, FighterPOS and PunKey is used by the thieves to harvest card data in that unencrypted state. The harvested data is then typically encrypted and retrieved by the attackers, or exfiltrated to a server on the Internet where the thieves collect it.
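To make the memory-scraping step concrete, here is an added example (not code from the original post, and not Ziften's or any named malware family's code) of the logic such malware applies to a process memory buffer, which is also the logic a defender can use to check whether card data is sitting in plaintext on a terminal: a Track 2 pattern match followed by a Luhn check to discard digit runs that merely look like a card number. The memory buffer, the PANs (standard test card numbers that pass Luhn but are not issued to anyone) and the expiry dates are all constructed for the example.

```python
import re

# Track 2 layout (ISO/IEC 7813) as the POS process holds it in memory
# between the card read and authorization:
#   ;<PAN, 13-19 digits>=<YY><MM><service code><discretionary data>?
TRACK2_RE = re.compile(rb";?(\d{13,19})=(\d{2})(\d{2})(\d{3})(\d*)\??")


def luhn_ok(pan: str) -> bool:
    """Luhn check-digit validation: every real PAN passes, most random digit runs fail."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def scrape_track2(buf: bytes) -> list:
    """Return every plausible Track 2 record found in a memory buffer."""
    hits = []
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1).decode("ascii")
        yy, mm, svc = (g.decode("ascii") for g in m.groups()[1:4])
        if not luhn_ok(pan) or not 1 <= int(mm) <= 12:
            continue            # digits that merely look like track data
        hits.append({"offset": m.start(), "pan": pan,
                     "expiry": f"{mm}/{yy}", "service_code": svc})
    return hits


def mask_pan(pan: str) -> str:
    """Keep first six and last four digits, the masking PCI DSS permits for display/logs."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


# Constructed memory buffer: plaintext POS strings around two well-known test
# card numbers and one decoy run of digits that fails the Luhn check.
SAMPLE_MEMORY = (
    b"\x00\x00PosApp.exe\x00TERMINAL_ID=00042177\x00"
    b";4111111111111111=27121010000000000000?"    # Visa test PAN
    b"\x00\x00\x00AUTH_RESP=00\x00"
    b";4111111111111112=27121010000000000000?"    # fails Luhn, must be skipped
    b"\x00\x00"
    b";5555555555554444=26041010000000000000?"    # Mastercard test PAN
    b"\x00\x00"
)


def run(buf: bytes = SAMPLE_MEMORY) -> list:
    """Scan a buffer and print masked hits, the way a defensive memory check would report them."""
    hits = scrape_track2(buf)
    for h in hits:
        print(f"offset {h['offset']:5d}: PAN {mask_pan(h['pan'])} "
              f"exp {h['expiry']} svc {h['service_code']}")
    return hits


if __name__ == "__main__":
    run()
```

The scanner finds the two valid PANs and skips the decoy, which is exactly why the "we don't store card data" argument does not help: the data is fully recoverable from process memory for the duration of the authorization. Run against a real terminal, the defensive version of this scan would read process memory with the platform's debugging APIs instead of a byte string, and would report only the masked form.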

Ziften's solution provides continuous endpoint visibility that can detect and remediate these kinds of threats. Ziften's MD5 hash analysis can detect new and suspicious processes or .dll files running in the POS environment, and Ziften can kill the process and collect the binary for further action or analysis. POS malware can also be detected by alerting on command-and-control traffic: Ziften's integrated Threat Intel and Custom Threat Feed options let customers alert when POS malware communicates with C&C nodes. Finally, Ziften's historical data lets customers begin the forensic investigation of how the malware got in, what it did after it was installed and executed, and which other machines are infected.
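As an added illustration of the two detection approaches described above, and not Ziften's own code or an approximation of its product, the following script hashes every executable and loaded module in a constructed process snapshot, compares the hashes with an allow-list baseline, and matches each process's outbound connections against a threat feed. The process records, the file contents, the baseline and the feed addresses (taken from the RFC 5737 documentation ranges, not real C&C nodes) are all constructed for the example; in practice the records would come from an endpoint agent. One caveat a practitioner will want: MD5 is kept because many feeds still publish MD5 indicators, but it is not collision resistant, so the allow-list decision is keyed on SHA-256.

```python
import hashlib
import ipaddress
from dataclasses import dataclass, field


@dataclass
class ProcessRecord:
    """One running process as an endpoint agent might report it (constructed shape)."""
    pid: int
    image: str                       # path of the main executable
    image_bytes: bytes               # its file contents (stand-in bytes here)
    modules: dict = field(default_factory=dict)       # dll path -> file contents
    remote_peers: list = field(default_factory=list)  # (ip, port) of outbound connections


def file_hashes(data: bytes) -> dict:
    # MD5 for feed lookups, SHA-256 for the actual allow-list decision.
    return {"md5": hashlib.md5(data).hexdigest(),
            "sha256": hashlib.sha256(data).hexdigest()}


def find_unknown_binaries(procs, baseline_sha256):
    """Flag every executable or loaded DLL whose SHA-256 is not in the baseline."""
    findings = []
    for p in procs:
        for path, data in [(p.image, p.image_bytes), *p.modules.items()]:
            h = file_hashes(data)
            if h["sha256"] not in baseline_sha256:
                findings.append({"pid": p.pid, "path": path, **h})
    return findings


def find_c2_contacts(procs, feed_ips, feed_nets):
    """Flag processes talking to an address or network listed in the threat feed."""
    nets = [ipaddress.ip_network(n) for n in feed_nets]
    findings = []
    for p in procs:
        for ip, port in p.remote_peers:
            addr = ipaddress.ip_address(ip)
            if ip in feed_ips or any(addr in n for n in nets):
                findings.append({"pid": p.pid, "image": p.image, "peer": f"{ip}:{port}"})
    return findings


# --- constructed sample data -------------------------------------------------
POS_EXE_BYTES = b"MZ\x90\x00 PosApp 3.1 (constructed stand-in for a real binary)"
PAYMENT_DLL_BYTES = b"MZ\x90\x00 payment.dll 3.1 (constructed stand-in)"
SCRAPER_DLL_BYTES = b"MZ\x90\x00 unknown module dropped in Temp (constructed stand-in)"

# Allow-list built from the known-good POS image, as it would be right after install.
BASELINE_SHA256 = {file_hashes(POS_EXE_BYTES)["sha256"],
                   file_hashes(PAYMENT_DLL_BYTES)["sha256"]}

# Threat feed entries: RFC 5737 documentation addresses standing in for C&C indicators.
FEED_IPS = {"203.0.113.45"}
FEED_NETS = ["198.51.100.0/24"]

PROCS = [
    ProcessRecord(
        pid=1204,
        image=r"C:\POS\PosApp.exe",
        image_bytes=POS_EXE_BYTES,
        modules={r"C:\POS\payment.dll": PAYMENT_DLL_BYTES,
                 r"C:\Windows\Temp\svchost.dll": SCRAPER_DLL_BYTES},
        remote_peers=[("10.0.5.20", 443), ("203.0.113.45", 8080)],
    ),
]


def run():
    for f in find_unknown_binaries(PROCS, BASELINE_SHA256):
        print(f"[unknown binary] pid={f['pid']} {f['path']} sha256={f['sha256'][:16]}...")
    for f in find_c2_contacts(PROCS, FEED_IPS, FEED_NETS):
        print(f"[c2 contact]     pid={f['pid']} {f['image']} -> {f['peer']}")


if __name__ == "__main__":
    run()
```

Against the constructed snapshot the script reports one unknown module (the DLL loaded from the Temp directory) and one connection to a feed-listed address, both from the POS application's own process, which is the pairing a responder would expect from a memory scraper: an unexpected module inside the payment process plus outbound traffic the terminal has no business generating.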

It is past time for retailers to step up their game and look for new solutions to protect their customers' payment cards.
