POS Malware: How to block attacks and boost security POS Malware: How to block attacks and boost security

POS Malware: How to block attacks and boost security

by Calyptix, September 17, 2014

POS MalwarePoint-of-sale systems are in a war against POS malware — and they are losing. Scarcely a week passes without news of another victory for the bad guys.

One thing seems clear: current POS security is not enough.

18 ways to boost POS security are listed below. But first we ask, why do the systems keep getting breached?

5 Reasons POS Malware is Winning

Reason #1. Systems are old

POS systems are often sold on the notion that they will last years, maybe even a decade. The majority use a Windows-based OS, and about 30% use the officially obsolete Windows XP according to one estimate.

The use of common, older operating systems adds to their vulnerability. This is often compounded by organizations that do not adhere to POS security best practices.

Reason #2. Systems are improperly used

Some organizations allow POS systems to access the internet – never a wise choice.

For example, small and medium businesses (SMBs) often lack enough resources for a dedicated POS system. They may use the same machine to browse the web or read email.

Reason #3. Systems are improperly configured

POS systems are more widely available than ever. SMBs can buy one without the help of an IT provider who can deploy and configure the system securely.

Reason #4. Over-reliance on anti-virus

Many organizations rely too heavily on anti-virus software to keep their POS systems clear of malware. This is a poor strategy for many reasons, not least of which is the fundamental inability of anti-virus to stop the most advanced attacks.

Anti-virus prevents only known malware. New or custom variants can go undetected.

POS malware is often tailored to infect and persist in the target environment. This makes it very hard for signature-based anti-virus software to detect the threat.

Reason #5. Over-reliance on PCI DSS

The PCI DSS regulations require organizations to protect cardholder data. They dictate many sound security practices, but they are clearly not enough.

Of the retailers recently breached, how many do you think:

  • Regularly passed PCI DSS security scans?

It’s safe to assume that retailers often believe they are compliant the day before they realize hackers have been stealing their cardholder data for months.

18 Ways to Boost POS Security

Aside from following standard information security best practices, here are some steps you can take to help protect yourself from POS malware attacks.

Configuration

1. Isolate the cardholder data environment (CDE) with network segmentation. Separate it from public-facing services and the Internet.

2. Restrict systems in the CDE to connect only to known, trusted sources. Block all other traffic that is not explicitly allowed.

3. Implement outbound / egress filtering policies to scan traffic attempting to enter or leave the CDE.

4. Implement intrusion detection and prevention.

5. Use only encrypted protocols to transmit cardholder data, even within the corporate network

Security policies

6. Reduce the number of personnel with access to the CDE. Allow even fewer personnel to access both the CDE and other internal networks.

7. Use POS devices only for transaction-related purposes. Do not allow use for other purposes, such as checking email or printing documents.

8. Use two-factor authentication for all administrative access and entry points to the CDE.

9. Use two-factor authentication for all configuration changes to the CDE.

10. Establish an incident response plan to isolate, resolve, and investigate all detected breaches.

Architecture

11. Place a firewall between every corporate network.

12. Deploy endpoint security software with frequent and automatic updates.

13. Invest in a POS system that encrypts cardholder data immediately upon entry. Decrypt only at secure points outside the merchant’s environment, such a payment processor.

Periodic tests and audits

14. Audit all connections to the CDE.

15. 1Review remote connection logs.

16. Review running processes.

17. Review all administrative accounts for password complexity.

18. Review POS systems for physical tampering.

PCI-DSS-for-IT-providers-CTA

Related resources

POS Malware: Review of the retail attacker

Ransomware: Hello Critroni and Goodbye Cryptolocker

Top Threats: How to prevent Cryptolocker

PCI DSS for IT Providers – The rules and impact on MSPs and Resellers

No Comments


    Leave a Reply

    Your email address will not be published Required fields are marked *

    You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

    *