Following the news that fashion retailer The Buckle has been hacked via Point-of-Sale malware, cyber security experts from FireMon and Tripwire have commented on the situation and given advice on the best security measures enterprises should take.
Paul Norris, Senior Systems Engineer at Tripwire:
“Criminals will not stop targeting point of sale terminals and sadly we will not see this declining any time soon. Compromised credit card data continues to be a valuable commodity on the black market so any company collecting or processing valid credit card information will continue to be a prime target.
“Enterprises need to become proactive instead of reactive and learn from the mistakes of other attacks. Learn how current criminals are operating as well as how compromised companies are handling the incident response to such events.”
“The best advice for companies using point of sale systems is to isolate and lock down the devices as much as possible. Retailers need to secure all endpoints including PoS. These systems run a lightweight version of Microsoft Windows, and like all Windows operating systems, they still require to be patched and hardened. A security system needs to be implemented that can predict destinations both internally on the network as well as externally on the Internet. Carefully monitoring communications for irregularities can help identify successful attacks.”
“As these terminals are on store networks, they can be hard to patch or secure, so good preventative or detection tools should be put in place to help identify zero-day attacks and configuration changes on these point of sale terminals.”
Paul Calatayud, Chief Technology Officer at FireMon:
“Retail environments will continue to be a hotbed for attackers, given the nature of retail systems and market value of stolen credit cards. Many retail systems continue to be flat, meaning once an attacker gains access to a part of the retail network, they are able to pivot and begin attacking the point of sale systems.”
“The best way to mitigate against these attacks is to isolate the point of sale systems from the rest of the network using network segmentation and network security policy management.”