Protecting over 200 million PCs, Macs, & Mobiles – more than any other antivirus


July 23rd, 2014

Should small and medium-sized businesses be worried about PoS attacks?

Customers are vulnerable at the moment of purchase.

Most U.S. merchants cannot detect fraud at the point of sale.

One of the most dangerous places in America is your local retailer. Before you leave the building with your purchases, you run the risk of having your identity stolen.

No doubt you recall the 2013 security breaches at Target, Michael’s, and Neiman Marcus where millions of records were compromised by Point-of-Sale (PoS) attacks. PoS occurs when the customer makes a payment to the merchant. That last exchange is the most vulnerable.

Large retail merchants lead the list by 50% of organizations where consumers’ data was compromised in 2013, followed by credit card issuers and consumer banks, according to the #DataInsecurity Report done by the National Consumers League, in cooperation with Javelin Strategy & Research. The #DataInsecurity Report also revealed that 61% of data breach victims reported the breached information was used to commit fraud against them.

This should not come as a surprise. According to the Nilson Report, approximately $4 trillion dollars was paid with credit, debit, and prepaid cards in the U.S. last year. Add to that the ready availability of code to execute PoS attacks available on underground forums and you have the perfect storm of a large victim pool for cybercriminals. The U.S. is an easy target since EMV cards (cards with chips embedded) have not been widely adopted. EMV, conceived between Europay, MasterCard and Visa, is a standard securing payments in other countries.

Cybercriminals don’t care about the size of your business

U.S. banks are slow to upgrade to "Smart cards" with embedded chips

U.S. banks are slow to upgrade to “Smart cards” with embedded chips.

Although most of the PoS attacks highlighted in the media were against large retailers, cybercrooks don’t care how large or small your business is. You would think they would, but cybercriminals are more interested in raking in the money rather than caring about the fame they could possibly receive from attacking a large and popular business. Regardless of its size, if your business has a PoS system to charge customers for products or services, you should be protecting your system to save yourself from a possible attack. PoS attacks not only steal valuable customer information, they can damage your business’s reputation.

The #DataInsecurity Report shows that only 10% of retail fraud victims are confident that retailers can protect their information in the future.

How PoS attacks work

The biggest PoS Trojans, like Dexter, BlackPOS, Minerva, and vSkimmer, have targeted systems and networks running Windows. PoS Trojans use various methods to infiltrate systems:

  • They can trick victims into downloading the Trojan themselves by using phishing emails that appear to be from a trusted source
  • They silently download in the background when a victim clicks a link
  • They take advantage of outdated operating systems, like Windows XP

Once the Trojan has gained access it can remain dormant for long periods of time. During dormancy, Trojans can secretly scan, observe and gather information, such as passwords, to send back to their command servers. Once cybercriminals have all the information they need, they can call on the Trojan to act via Command and Control (C&C) servers. PoS Trojans collect and send payment tracks from credit card magnetic strips back to their servers, mostly from the PoS system’s memory.

How to protect your business from a PoS attack

There are several thing you can do to make your company more secure:

  • To protect your business from cybercriminals looking to compromise your PoS devices, it’s crucial you protect the corporate network connected to your PoS system. To do this you should guard your network with strong passwords.
  • Additionally, you should educate and warn your employees of the various social engineering methods used for targeted attacks, like spearfishing emails.
  • You should also use a proper security solution, like avast! Endpoint Protection, to protect your network from hacking tools, malicious modules, and from hackers using exploits as a gateway to insert malware into your network.
  • The installed security solution should be password protected to stop hackers from disabling or turning off its functionality.
  • All software must be kept up-to-date and security fixes eliminating known exploits should be installed as soon as the software manufacturer releases them.

Cloud-based PoS systems differ by design from traditional PoS systems. They offer some additional features, like portability and lower costs, making them attractive for small and medium business owners. However, cloud-based PoS systems are just as vulnerable to attack as their traditional counterparts. A very recent threat called POSCloud has already been reported, specifically attacking small businesses. This recent attack shows that malware authors have successfully adapted to newer PoS systems and are not excluding small businesses when it comes to their attacks. Cloud-based PoS systems should therefore not be underestimated, they should be protected just as hard-wired systems are.

How to react if your PoS system has been attacked

Businesses should admit they have been attacked as soon as possible if their customer’s data has been compromised, so their customers can take action to protect themselves. Companies, of course, need to assess the situation to determine which data has been compromised before they can inform the public. This assessment allows companies to provide their customers with the proper steps to take protective measures.

Thank you for using avast! Antivirus and recommending us to your friends and family. For all the latest news, fun and contest information, please follow us on Facebook, Twitter, Google+ and Instagram. Business owners – check out our business products.