Managing endpoints in a retail environment poses a slew of security complications. The industry has been heavily targeted by hackers in the past year or so.
Specifically, cybercriminals have leveraged difficult-to-detect point-of-
EMV Is Not a Silver Bullet
In late August, clothes retailer Eddie Bauer announced that it was the victim of a payment card data breach, and that customers who used their card at stores in the U.S. or Canada between Jan. 2 and July 17 may have been affected. These types of announcements have become fairly commonplace, but this one was different.
According to IT World Canada, the unnamed strain of POS malware is believed to have been designed to work against magnetic stripes as well as EMV cards. At the time of this writing, it remains unclear whether EMV cardholders were also affected. Nevertheless, all customers in the stated timeframe, including those who made their purchases with the new chip-card technology, have been notified of the breach.
“EMV technology isn’t a panacea for POS malware.”
More recently, hackers managed to break into a cloud-based point-of-sale system that is responsible for processing $12 billion every year. The good news is that no direct card information was stolen; the attackers instead took sales and product data and encrypted passwords. Nevertheless, it highlights a simple fact of cyberspace: Hackers will go wherever the money is, even if that’s in the cloud.
The Key to Beating POS Malware is Better Endpoint Management
“Many forms of POS malware are extremely difficult to detect.”
According to DARKReading contributor Melia Kelley, many forms of POS malware such as RawPOS will use something called a “persistence mechanism” that ensures the malware stays on the system even after a reboot. This increases the likelihood that the malware infection will be able to scrape large amounts of customer payment data.
In addition to this, many forms of POS malware, such as ModPOS, are extremely difficult to detect (it took researchers three weeks to understand that what they were looking at was malicious). It all adds up to the fact that simple reboots and detection strategies aren’t enough – but there is a solution to this problem.
It’s called reboot-to-restore software, and it works like this: When computer systems in a retail environment are restarted, their configurations are reset to a known state, which eradicates any drift and erases any unauthorized executables that may have been running in the background. This method is much simpler than attempting to detect threats, and far less time-consuming than traditional re-imaging.
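A file-level sketch of the reset-to-baseline idea described above, added here as an illustration and not the code of Faronics or any other product: it hashes a known-good tree, then deletes files that are not in the baseline and copies back any that were changed. The function names, directory layout, file names and contents are constructed for the example.

```python
import hashlib
import shutil
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file's relative path to its SHA-256 digest."""
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def restore(golden, live):
    """Reset `live` to match `golden`; return what drift was undone."""
    want, have = manifest(golden), manifest(live)
    report = {"removed": [], "restored": []}
    # Files absent from the baseline are unauthorized: delete them.
    for rel in sorted(have.keys() - want.keys()):
        (live / rel).unlink()
        report["removed"].append(rel)
    # Files that are missing or altered are copied back from the baseline.
    for rel in sorted(want):
        if have.get(rel) != want[rel]:
            (live / rel).parent.mkdir(parents=True, exist_ok=True)
            shutil.copy2(golden / rel, live / rel)
            report["restored"].append(rel)
    return report

def demo():
    """Constructed sample: a small POS file tree drifts, then is restored."""
    with tempfile.TemporaryDirectory() as tmp:
        golden, live = Path(tmp, "golden"), Path(tmp, "live")
        (golden / "bin").mkdir(parents=True)
        (golden / "bin" / "pos.exe").write_bytes(b"constructed POS binary")
        (golden / "pos.cfg").write_text("terminal=1\n")
        shutil.copytree(golden, live)  # the state at first boot
        # Simulated drift: a dropped executable and an edited config file.
        (live / "bin" / "updater32.exe").write_bytes(b"constructed unknown binary")
        (live / "pos.cfg").write_text("terminal=1\nexport=on\n")
        report = restore(golden, live)  # what a restart would trigger
        return report, manifest(live) == manifest(golden)

if __name__ == "__main__":
    print(demo())
```

The sketch covers files only; persistence that lives elsewhere, such as registry entries or scheduled tasks, is outside what it resets, and the baseline copy itself has to be stored where the running system cannot modify it.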
Contact Faronics today to learn more about how it works.