Clothing store chain Eddie Bauer said it has detected and removed malicious software from point-of-sale systems at all of its 350+ stores in North America, and that credit and debit cards used at those stores during the first six months of 2016 may have been compromised in the breach.
IT security experts from ESET, Tripwire and Guidance Software commented below.
Mark James, Security Specialist at ESET:
“Every single person these days with a credit or debit card should be keeping a very close eye on their financial records for any type of suspicious activity. You need to question everything, no matter how small or insignificant the amount is.
There have to be more severe penalties involved in the shortfalls of protecting our private data and much better sharing of information when these attacks do happen. In most cases the data breach is only reacted upon because an outsider has notified them of data found. Once identifiable indicators of malware have been found they need to be made available for others to use and check, helping in the defence of our precious data.”
Travis Smith, Senior Security Research Engineer at Tripwire:
“Point of sale malware continues to be an attractive target for cyber criminals. The best advice for retailers is to place any point of sale machine on a segregated network from any other machines with locked down internet access. These machines typically have a handful of internet locations required to process credit card data, if they require any at all. Locking down this communication will reduce the likelihood that malware will be able to successfully exfiltrate private information to the attacker.
Locking down point of sale networks can be easier said than done. For retail establishments which have one or two point of sale terminals in each store, it didn’t make sense three or four years ago to implement a second costly network segment for one or two devices. Migrating to a segregated network may require hundreds of thousands of dollars in equipment and network redesigns, something retailers may not have an appetite for in today’s competitive marketplace.”
Fortunato Guarino, Solution Consultant EMEA Cybercrime & Data Protection Advisor at Guidance Software:
“PoS systems are a lucrative target for hackers, and if they are able to infect these systems with malware, they can capture data every time a card is used.
These latest incidents reinforce the importance of strong endpoint detection and response (EDR) tools that can alert an organization of a POS attack and prevent hackers from actually extracting any data. To do this they need to work ‘under the assumption of compromise’, that is, take a proactive approach to tracking down any warning signs of unauthorised or unusual behaviour. POS terminals are endpoints like any other; security teams need to have 360-degree visibility into these systems in order to identify indicators of compromise quickly, so the appropriate response and remediation can happen to prevent or minimise the impact.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.