Skip to main content

Point of sale theft becomes an easy fix for cyber thieves, companies urged to do more

Cyber thieves are increasingly using malware to steal credit and debit card information from point of sale [POS] systems by capitalising on a disparity in the level of protection employed by many companies.

Related: Dexter malware: Underlining the need for POS system encryption

Network security company Arbor Networks released a report that stated most malware isn’t sophisticated and if companies were more vigilant and invested more money in security it would prevent details being pilfered.

"I know that innovation gets people's attention, but the same techniques that people have been using for a long time still work. So companies need to beef up on Security 101,” Curt Wilson, an Arbor analyst told eWeek.

Wilson added that companies of all sizes are suffering from POS hacks because small companies don’t have the security expertise required and network sizes at large firms mean that detecting an attack is increasingly difficult. It has meant that in almost all public retail breaches an attacker has had access to the victim’s network for over 100 days.

"When you are a large organization, it only takes one error in permissions or one error in access controls—all it takes is one hole like that to allow attackers to get in," Wilson said.

Arbor’s report details various different methods that are employed by hackers to break into POS systems including BlackPOS and Alina, as well as the ways firms can protect against attacks.

BlackPOS shot to prominence for its breach of US retailer Target and works by searching internal systems with a number of specific encryption keys that are easily spotted by IT administrators. Alina, meanwhile, uses a 666 response code and this, alongside other indicators, is an easy way to detect it.

"Organisations of all sizes are encouraged to seriously consider a significant security review of any PoS deployment infrastructure to detect existing compromises as well as to strengthen defences against an adversary that continues to proliferate and expand attack capabilities,” stated the Arbor report.

Wilson added that fast detection and a quick response are just as important and a combination of all of these will help companies to limit POS thieves.

Image Credit: Flickr (walmartcorporate)