Written by Matthew Fullard. Presented by Chuck Leaver, CEO, Ziften.
Trump Hotels POS Vulnerabilities Emphasize Requirement for More Rapid Detection of Anomalous Activity
Trump Hotels suffered a data breach between May 19th 2014 and June 2, 2015. The infection vector was malware, which contaminated their front desk computer systems, point of sale systems, and dining establishments. However, in their own words, they claim that they “did not find any evidence that any consumer info was removed from our systems.” While it is comforting to learn that no evidence was found, malware on POS systems is probably there to take data from the credit cards that are swiped, or increasingly tapped, placed, or waved. An absence of evidence does not mean that no crime took place, and to Trump Hotels' credit, they have offered complimentary credit monitoring services.

Look at Point-of-Sale (POS) systems as an administrator, however, and one thing stands out: they hardly ever change, and the software is almost homogeneous across the deployment. This brings both positives and negatives when it comes to securing such an environment. Software changes are slow to happen, require rigorous testing, and are hard to roll out.
However, because such an environment is so homogeneous, it is also much easier to identify POS vulnerabilities when something changes.
At Ziften we monitor all executing binaries and network connections within an environment the second they occur. If a single POS system started to make new network connections, or began running new software, regardless of its intent, it would be flagged for further review and evaluation. Ziften also collects unlimited historical data from your environment. If you want to know what happened six to twelve months ago, this is not an issue. Dwell times and AV detection rates can then be determined using our integrated threat feeds, as well as our binary collection and submission technology. We will also tell you which users launched which applications, and at exactly what time, across this historical record, so you can find your initial point of infection.
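The baseline-and-deviation idea described above can be sketched in a few lines. This is an added example, not Ziften's code or data format: the event tuples, host names, user names, hash labels, endpoints and the `min_hosts` threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime

# Constructed telemetry, not real data: (timestamp, host, user, kind, value).
# kind "exec" = binary identity (placeholder labels), "conn" = remote endpoint.
RAW = [
    ("2023-01-05T08:00", "pos-01", "svc_pos", "exec", "hash:pos-client"),
    ("2023-01-05T08:01", "pos-01", "svc_pos", "conn", "10.0.5.10:443"),
    ("2023-01-05T08:02", "pos-02", "svc_pos", "exec", "hash:pos-client"),
    ("2023-01-05T08:03", "pos-02", "svc_pos", "conn", "10.0.5.10:443"),
    ("2023-01-05T08:04", "pos-03", "svc_pos", "exec", "hash:pos-client"),
    ("2023-02-10T09:14", "pos-02", "frontdesk3", "exec", "hash:unknown-1"),
    ("2023-02-10T09:15", "pos-02", "frontdesk3", "conn", "203.0.113.77:8080"),
    ("2023-03-01T02:30", "pos-02", "frontdesk3", "conn", "203.0.113.77:8080"),
    ("2023-06-01T08:00", "pos-03", "svc_pos", "conn", "10.0.5.10:443"),
]
EVENTS = [(datetime.fromisoformat(t), h, u, k, v) for t, h, u, k, v in RAW]

def fleet_baseline(events, cutoff, min_hosts):
    """Items seen on at least min_hosts distinct hosts before cutoff."""
    hosts_by_item = defaultdict(set)
    for ts, host, _user, kind, value in events:
        if ts < cutoff:
            hosts_by_item[(kind, value)].add(host)
    return {i for i, hosts in hosts_by_item.items() if len(hosts) >= min_hosts}

def first_deviations(events, baseline):
    """Earliest event per (host, kind, value) that is outside the baseline."""
    first = {}
    for ev in sorted(events):
        _ts, host, _user, kind, value = ev
        if (kind, value) not in baseline:
            first.setdefault((host, kind, value), ev)
    return sorted(first.values())

def dwell_days(deviations, detected_at):
    """Days between each host's earliest deviation and the detection time."""
    earliest = {}
    for ts, host, *_ in deviations:
        earliest[host] = min(ts, earliest.get(host, ts))
    return {h: (detected_at - ts).days for h, ts in earliest.items()}

if __name__ == "__main__":
    base = fleet_baseline(EVENTS, datetime(2023, 2, 1), min_hosts=2)
    devs = first_deviations(EVENTS, base)
    for ts, host, user, kind, value in devs:
        print(f"{ts:%Y-%m-%d %H:%M} {host} {user} {kind} {value}")
    print(dwell_days(devs, datetime(2023, 6, 2, 12, 0)))
```

Because the fleet is homogeneous, requiring an item to appear on several hosts before it counts as baseline keeps a binary that was already present on one terminal during the learning window from being silently accepted.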
POS issues continue to plague the retail and hospitality industries, which is a shame given how relatively straightforward the environment is to monitor with detection and response.