It’s the most wonderful time of the year… especially if you’re a hacker.
As consumers race to catch the shopping deals and retailers battle it out for their attention and dollars, hackers lurk in the shadows, ready for a chance to strike. This year, they have their eyes on the point-of-sale (POS) system prize. Carolyn Crandall, CMO of Attivo Networks, joined this week’s Hacker Tracker to share the vulnerabilities impacting POS systems and discuss whether massive data breaches are on the horizon in the months ahead.
According a new research from Attivo Networks, the undetected vulnerabilities present in many of the nation’s POS systems may open the door to large breaches during the holiday shopping period and on into next year.
The report revealed that hackers are moving laterally undetected through networks, which enabled them to compromise asset management servers and subsequently plant malware on POS terminals for either timed or remote activation.
This behavior not only sets the scene for wide-scale credit card information theft, it also allows attackers to bypass traditional security devices.
Carolyn Crandall, CMO of Attivo Networks, pointed out that more complex forms of malware and advanced threats are hitting the market, but the POS systems out there just don’t have the ability to keep pace with the new breed of sophisticated POS attackers.
In fact, four out of five of these attacks are not being discovered by the organizations and only come to light when the credit card theft or usage happens, she noted.
The most common types of threat actions used by hackers include brute force, the use of stolen credentials and offline cracking. Because the infrastructure behind and inside many POS systems and devices is vulnerable — particularly those that run on older, unprotected Windows XP or even DOS-based systems — Attivo Networks has some eye-opening predictions for the months ahead.
A Bleak New Year For POS Security
“Based on this research, we predict that in 2017, there will be a significant increase in reported POS attacks, largely due to the high probability that these systems have already been breached and attackers are already active throughout many networks today, undetected and unchecked,” Attivo Networks CEO Tushar Kothari said in a statement.
“There is a high likelihood that breaches during this holiday period won’t be detected until well later in the year and unfortunately well after the cardholders have suffered the consequence of shopping for what will no longer feel like a good holiday deal,” he concluded.
Attivo Networks data also highlighted a growing threat toward smaller retailers, restaurants and hotel chains that may not have the resources to invest as heavily in cybersecurity.
Crandall pointed out that attackers are moving downstream.
As big-box retailers make huge investments in trying to prevent these types of attacks from happening, a lot of the next tier of retailers become a prime target.
“The payouts may be a little bit smaller, but it’s still not bad,” Crandall said. “They’re easier to breach, and I think we’re also going to see a continued wave of this next tier of organizations getting hit as things get a little bit more complicated at the top.”
It’s clear that POS attacks are not going down, they’re going up.
With that, Crandall said the number of compromised records will continue to go up as well.
In an attempt to outsmart the ever-evolving schemes of cybercriminals, Attivo Networks uses deception technology to provide visibility into a POS attack and help mitigate the threat.
“What we do works is because we’re not actually trying to identify the malware — we’re instead setting the lures and the baits, so instead as [hackers] come in, they get attracted to that and then their presence is revealed upon the engagement with our systems,” Crandall explained.