How Secure is Your Store?
Information security is key to the continual operation of any enterprise in today's technology-laden business landscape. Unfortunately, threats are an ever-present danger that must be addressed
Malware can be particularly insidious because it has the ability to download itself to a store’s computer without their knowledge, or any action on their part. Lately, a common malware target has been point-of-sale (POS) systems. Because POS systems are the front line of payment card processing, compromises can have far-reaching impacts including theft of consumers' credit card information and the ability of a cybercriminal to further penetrate a business’s IT infrastructure. The threat of continued malware attacks continues to pose an increased threat to cyber security, business, and consumers.
POS Malware Developments
Various businesses including supermarkets, department stores, and gas stations are in a constant state of risk. They need to be ready for a new wave of cyber criminals that are highly skilled in using various forms of malware to compromise IT systems. For example, the recent attacks on Target and Neiman Marcus employed RAM scraper malware, which was specifically built to target point-of-sale systems.
Recently, security firm RSA reported that they had discovered that a new piece of malware was being used to target POS systems that are similar to the malware used in the Target and Neiman Marcus breaches. The Chewbacca Trojan, a privately sold piece of malware that uses a two-pronged approach involving the Tor anonymity network to conceal its communication with the attackers’ command and control infrastructure, is the latest piece of malware that has been discovered to have stolen credit card data from numerous companies.
A Watchful Eye on the Future
Despite being compliant with payment card security standards (PCI-DSS), many organizations are still being breached. Cybercriminals are constantly evolving their tactics in order to overcome the safeguards that are being put in place to secure networks. With that in mind, retailers and other businesses operating point-of-sale systems will have to go beyond simple compliance and rethink their IT security posture.
February 28, 2014