Hotel operator HEI said 20 of its hotels had been infected, Eddie Bauer said its 350-or-so stores in the U.S. and Canada had also been the victim of a malware attack. IT security experts from Proofpoint’s Threat Operations Center, ESET and Tripwire commented below.
Kevin Epstein, VP at Proofpoint:
“Retailers investing seriously in security must have modern targeted attack protection and threat response systems in place, backed up by current threat intelligence. Today’s sophisticated threats and threat actors easily bypass legacy systems, then move laterally to point-of-sale operations. IT teams must have the appropriate technology and processes in place to be able to understand when a breach occurs, assess the impact as soon as possible, and close the holes immediately to reduce damage. Often, the most expensive aspect of a breach isn’t cleanup; it’s brand damage. Having the right people, process and technology in place and testing it regularly will make the containment of a breach – and mitigation of attack impact and brand damage — more effective.”
Mark James, Security Specialist at ESET:
“POS malware is now so common its becoming almost the “Norm”, the bad guys have learnt that the best place to skim credit card details is from the machines that process them, with so much of our private financial data floating around in the cloud it’s scary to think that people will just casually accept its happened and move on, the usual recompense of 12 months “Complimentary” credit monitoring services is great but what if those details are harvested and sold or used in the future, the impact of credit fraud is not time limited.
Every single person these days with a credit or debit card should be keeping a very close eye on their financial records for any type of suspicious activity, you need to question everything, no matter how small or insignificant the amount is.
There has to be more severe penalties involved in the shortfalls of protecting our private data and much better sharing of information when these attacks do happen, in most cases the data breach is only reacted upon because an outsider has notified them of data found, once identifiable indicators of malware have been found they need to be made available for others to use and check, helping in the defence of our precious data.”
Travis Smith, Senior Security Research Engineer at Tripwire:
“Point of sale malware continues to be an attractive target for cyber criminals. The best advice for retailers is to place any point of sale machine on a segregated network from any other machines with locked down internet access. These machines typically have a handful of internet locations required to process credit card data, if they require any at all. Locking down this communication will reduce the likelihood that malware will be able to successfully ex-filtrate private information to the attacker.
Locking down point of sale networks can be easier said than done. For retail establishments which have one or two point of sale terminals in each store, it didn’t make sense three or four years ago to implement a second costly network segment for one or two devices. Migrating to a segregated network may require hundreds of thousands of dollars in equipment and network redesigns, something retailers may not have an appetite for in today’s competitive marketplace.”