Hackers Are Raiding Retailers’ IT Networks

Managing endpoints in a retail environment poses a slew of security complications. The industry has been heavily targeted by hackers in the past year or so.

Specifically, cybercriminals have leveraged difficult-to-detect point-of-sale malware such as BlackPOS (the culprit behind the infamous Target breach), AbaddonPOS, CherryPicker, CenterPOS, RawPOS and finally ModPOS – a strain that researchers called “by far the most sophisticated POS malware” upon its discovery in late 2015. ModPOS is so dangerous because, in addition to its memory-scraping capabilities, it has a keylogger that helps it gather local network information such as metadata. In effect, this makes it possible to bypass encryption.

EMV Is Not a Silver Bullet

In late August, clothing retailer Eddie Bauer announced that it was the victim of a payment card data breach, and that customers who used their card at stores in the U.S. or Canada between Jan. 2 and July 17 may have been affected. These types of announcements have become fairly commonplace, but this one was different.

According to IT World Canada, the unnamed strain of POS malware is believed to have been designed to work against magnetic stripes as well as EMV cards. At the time of this writing, it remains inconclusive if EMV cardholders were also affected. Nevertheless, all customers in the stated timeframe, including those who made their purchases with the new chip-card technology, have been notified of the breach.

More recently, hackers managed to break into a cloud-based point-of-sale system that is responsible for processing $12 billion every year. The good news is that no direct card information was stolen, but rather, sales and product data, and encrypted passwords. Nevertheless, it highlights a simple fact of cyberspace: Hackers will go wherever the money is, even if that’s in the cloud.

EMV technology isn't a panacea for POS malware.

The Key to Beating POS Malware is Better Endpoint Management

“Many forms of POS malware are extremely difficult to detect.”

According to DARKReading contributor Melia Kelley, many forms of POS malware such as RawPOS will use something called a “persistence mechanism” that ensures the malware stays on the system even after a reboot. This increases the likelihood that the malware infection will be able to scrape large amounts of customer payment data.

In addition to this, many forms of POS malware, such as ModPOS, are extremely difficult to detect (it took researchers three weeks to understand that what they were looking at was malicious). It all adds up to the fact that simple reboots and detection strategies aren’t enough – but there is a solution to this problem.

It’s called reboot-to-restore software, and it works like this: upon restarting computer systems in a retail environment, configurations are reset to a known baseline, essentially eradicating any drift and effectively erasing any unauthorized executables that may be running in the background. This method is much simpler than attempting to detect threats, and far less time-consuming than traditional re-imaging.
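An added example, not code from this article or from Faronics: a small Python model of endpoint "drift" and of the reboot-to-restore reset described above, run over a constructed inventory of autostart entries and file hashes (the inventory format, names and paths are all assumptions).

```python
# Added example for this page (not Faronics' product code): a model of
# "drift" on a retail endpoint and of the reboot-to-restore reset described
# above. The inventory format and every sample entry are constructed.
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class Snapshot:
    startup: dict   # autostart name -> command line
    files: dict     # file path -> sha256 hex digest of its contents

def take_snapshot(startup, file_contents):
    """Capture autostart entries and file hashes as one immutable snapshot."""
    return Snapshot(dict(startup),
                    {p: hashlib.sha256(b).hexdigest() for p, b in file_contents.items()})

def drift(baseline, current):
    """Everything in `current` that differs from the frozen baseline; this is
    exactly the state a persistence mechanism relies on surviving a reboot."""
    return {
        "startup_added": {k: v for k, v in current.startup.items()
                          if baseline.startup.get(k) != v},
        "startup_removed": [k for k in baseline.startup if k not in current.startup],
        "files_changed": [p for p, h in current.files.items()
                          if baseline.files.get(p) != h],
    }

def reboot_to_restore(baseline, current):
    """Reboot-to-restore discards the live state and returns the baseline,
    together with a report of what was discarded (useful for alerting)."""
    return baseline, drift(baseline, current)

# Constructed baseline: a POS terminal with one legitimate autostart entry.
BASELINE = take_snapshot(
    {"posapp": r"C:\POS\posapp.exe"},
    {r"C:\POS\posapp.exe": b"legit-binary-v1", r"C:\POS\config.ini": b"lane=3"},
)

# Constructed live state: a new autostart entry and a modified config file
# appeared during the session (placeholder names, not real indicators).
LIVE = take_snapshot(
    {"posapp": r"C:\POS\posapp.exe", "unexpected_entry": r"C:\Temp\unknown.exe"},
    {r"C:\POS\posapp.exe": b"legit-binary-v1", r"C:\POS\config.ini": b"lane=3\nx=1"},
)

def run_demo():
    """Simulate the reboot: returns (baseline was restored?, drift report)."""
    restored, report = reboot_to_restore(BASELINE, LIVE)
    return restored == BASELINE, report

if __name__ == "__main__":
    print(run_demo())
```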

Contact Faronics today to learn more about how it works.

About The Author

Matt Williams

A self-proclaimed ‘tech geek’, Matt has worked in technology for a decade and divides his time between blogging and working in IT. A huge New York Giants fan and an expert on Reboot Restore Technology, when not watching football Matt gets his game on playing Call of Duty with his friends and other tech bloggers.
