The Low Cost And High Reward Of POS Malware - Experian


The Low Cost and High Reward of POS Malware
By Adam Tyler, Chief Innovation Officer, CSID
CSID.COM

INTRODUCTION

Last year, Target and Neiman Marcus both experienced major breaches due to Point of Sale (POS) malware, bringing this type of security breach under intense scrutiny in 2014. Target’s breach resulted in the loss of more than 40 million card numbers, including expiration dates, CVV codes and PIN numbers. Personal information for more than 70 million customers was also stolen including names, mailing addresses, email addresses and phone numbers.[1] Neiman Marcus’ POS malware breach exposed data at more than 77 stores and resulted in 350,000 stolen credit and debit cards over an eight-month period.[2] Between the two retailers, more than 110 million customers were affected.[3]

The FBI has warned U.S. retailers to prepare for further cyber attacks on POS systems after linking malware used in the attack on Target to 20 other attacks in 2013.[4] To best guard against this growing threat, it is important to understand the ins and outs of POS malware. This paper will explore what it is, why the focus on POS systems now and what businesses can do to combat the threat.

The Lifecycle of POS Malware

POS malware naturally starts with a retailer’s POS system. POS systems are designed in a way that makes it difficult for cyber criminals to steal information. The payment card industry has a set of standards, commonly referred to as PCI Data Security Standard (PCI DSS), which requires all companies that process, store or transmit credit card information to maintain a secure environment. PCI DSS requires the encryption of payment data when it is transmitted, received or stored.[5] However, at some point in the transaction process, the POS system has to host unencrypted data to process the payment. This is where POS malware comes in.

POS systems are not typically connected to the Internet, but are often connected with the company’s internal network. This connection point is what makes them susceptible to malware. Any system that touches a network point can be infiltrated. All it takes is an employee clicking on a malware-ridden link or, in the case of the Target breach, a third-party vendor with compromised credentials, for cyber criminals to gain access to the network and laterally work to access a company’s POS system.

Once a hacker has access to the POS system, they can install a type of POS malware known as a RAM scraper. RAM scrapers are designed to extract payment data from a POS device’s memory before the data is encrypted and transmitted. When a credit or debit card is run, data from the card is stored on the POS system’s random-access memory (RAM). PCI DSS requires sensitive data to be encrypted when it is being stored on a hard drive or transmitted through a network. This requirement is not applicable when the data sits on a POS system’s RAM. This opening gives cyber criminals the opportunity to steal the data: the malware searches through the RAM of a POS machine for file names that are often associated with payment information, then scrapes that sensitive data and dumps it into a file or server that the criminal can access whenever and wherever.

While POS malware has made the news in 2014 due to the Target and Neiman Marcus breaches, it has actually been around for years. In 2007, TJX Companies lost more than 45.6 million credit and debit card numbers after someone illegally accessed the company’s payment system.[6] In 2009, Visa and Verizon published threat reports outlining a new type of malware called a RAM scraper.[7] Security and compliance standards evolve and the types of data that are valuable to cyber criminals shift. As these things change, cyber criminals will shift their focus to the type of crime that provides the most valuable data with the least amount of risk and effort. This is why we have seen the resurgence in POS malware. The recent popularity of POS malware can be largely attributed to the following: increased availability of inexpensive, simple malware; more POS systems with increased complexity and connection points to the network; and the potential huge profits that can be made from a successful POS breach.

Evolution and Availability

In January 2014, RSA anti-fraud researchers identified a new strain of POS malware called ChewBacca. Researchers found that ChewBacca had been used to infect the POS systems of several dozen retailers beginning on October 25, 2013, resulting in stolen credit and debit card data in the U.S. and 10 other countries.[8] What is interesting about ChewBacca is its simplicity. The malware steals data in two ways – keylogging and memory-scraping. Both are simple functions and easily detectable by a good security system and yet ChewBacca managed to steal sensitive information from dozens of retailers around the world in a matter of months.

There has been a lot of speculation about the strain of malware used in the Target breach. IntelCrawler, a security research firm, reported that the mastermind behind the malware used in the Target attack is a 17-year-old boy. After creating the malware, called BlackPOS, he sold it to a number of hackers on the online black market for the relatively low price of $2,000.[9]

The simplicity of ChewBacca and the inexpensive availability of BlackPOS underlie the challenge that businesses are facing when it comes to POS malware. The community that creates and sells this type of malware is vast. It is knowledgeable and has seemingly limitless resources. POS malware is constantly being shared or sold on the online black market, and updated to outwit company security systems. All of these factors combined make it increasingly difficult for companies to protect against it.

POS Systems on the Rise

POS systems can be incredibly complex. Not only do they read data off of debit and credit cards, but many also keep track of store and warehouse inventory, company promotions, and markdowns. As these systems are required to do more and track more, there are more connections to the POS system with outside networks and vendors. This makes the systems more vulnerable to malware and breach. The availability of POS systems is also putting businesses at risk. Historically, POS systems have been cost prohibitive for smaller businesses. Now that these systems are more widely available, their cost has decreased and more small businesses are adopting them. Unfortunately many of these small businesses don’t have the security systems in place that larger corporations do, making them easy, profitable targets for cyber criminals.

Following the Money

According to the FBI, huge profits are being made off of POS malware both from hackers selling the code and cyber criminals using it to steal data from businesses.[10] Take, for example, Target’s breach. Shortly after the breach was announced, CSID, a part of Experian, started seeing bundles of the stolen cards appear for sale on the identity black market. Full debit and credit card numbers, including expiration dates and CVV codes, were going for $20 to $100 each. A cyber criminal would have to sell just 100 stolen cards at $20 each to recoup the cost of the BlackPOS malware. Data for more than 40 million cards was stolen in the Target breach.

Confidential and Proprietary CSID

What Can Businesses Do?

The truth is, no POS system can be 100 percent secure but basic security measures can help. The following measures can be taken to reduce the risk and mitigate the impact of POS malware.

- Use secure logins and passwords on all network systems and proactively monitor employee and vendor credentials. In Target’s case, a vendor’s credentials provided access to the company’s network, which ultimately led to access of the POS system. With proactive monitoring, employee and vendor credentials can be identified as soon as they are compromised, allowing the business to change the credentials before they can be used. Company IP addresses can also be monitored, giving businesses the opportunity to identify when sensitive data is leaving the company network and respond quickly.

- Educate employees on security basics. The basics include things like how to create secure passwords, not reusing passwords across multiple sites, how to identify malicious links, and what to do in the event a malicious link is clicked. Employees are often the weakest link in any security system. Education is an easy way to prevent costly mistakes.

- Ensure that all POS software is up-to-date with the latest patches. Updated versions can bring security and bug fixes that will keep card data safe.

- Restrict POS system access to the Internet. This will prevent users from accidentally exposing the POS system to security threats. This will not eliminate the threat of intrusions on a company’s internal network.

- Implement basic security measures like installing a firewall and encrypting sensitive information. A firewall can prevent unauthorized access to and from a system. Encrypting sensitive information makes it more difficult for a cyber criminal to cash in on or use stolen data.
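One way to act on the advice to identify when sensitive data is leaving the company network is to inspect outbound payloads from POS hosts for unencrypted card data. The Python below is an added example, not part of the CSID paper: it matches Track 1, Track 2 and bare card-number patterns, applies a Luhn check to cut false positives, and masks the number in the alert. The function names, host names, addresses and payloads are constructed for illustration.

```python
import re

# Magnetic-stripe layouts (ISO/IEC 7813). Group 1 is always the card number (PAN).
PATTERNS = (
    ("track1", re.compile(rb"%B(\d{13,19})\^[^^?]{2,26}\^\d{7}[^?]*\?")),
    ("track2", re.compile(rb";(\d{13,19})=\d{7}\d*\?")),
    ("pan", re.compile(rb"(?<!\d)(\d{13,19})(?!\d)")),  # bare number, lowest confidence
)

def luhn_ok(digits: bytes) -> bool:
    """Luhn checksum; discards most random digit runs (order ids, timestamps)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ch - 48                      # ASCII digit -> int
        if i % 2 == 1:                   # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def mask(pan: bytes) -> str:
    s = pan.decode()                     # keep first 6 / last 4 so alerts hold no full PAN
    return s[:6] + "*" * (len(s) - 10) + s[-4:]

def scan_payload(payload: bytes):
    """Return [(kind, masked_pan)] for card data found in one outbound payload."""
    findings, seen = [], set()
    for kind, rx in PATTERNS:            # most specific pattern first
        for m in rx.finditer(payload):
            if m.start(1) in seen or not luhn_ok(m.group(1)):
                continue
            seen.add(m.start(1))         # do not report the same PAN again as bare
            findings.append((kind, mask(m.group(1))))
    return findings

def scan_flows(flows):
    """flows: iterable of (source_host, destination, payload). Returns alert dicts."""
    return [{"src": src, "dst": dst, "kind": kind, "pan": masked}
            for src, dst, payload in flows
            for kind, masked in scan_payload(payload)]

# Constructed sample traffic; 4111111111111111 is a widely used test card number.
SAMPLE_FLOWS = [
    ("pos-07", "10.0.5.20:443", b"inventory sync sku=1234567890123456 qty=3"),
    ("pos-07", "203.0.113.9:21", b"dump=;4111111111111111=251210100000?"),
    ("pos-11", "203.0.113.9:21", b"%B4111111111111111^DOE/JANE^251210100000?"),
]

if __name__ == "__main__":
    print(*scan_flows(SAMPLE_FLOWS), sep="\n")
```

A POS host sending anything that matches the track patterns to a destination outside the payment processor's address range is worth an immediate alert, since legitimate transmissions of that data are encrypted.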

Looking to the Future

In the short-term, there is no sure solution to prevent POS system breaches. In the long-term, there are solutions that could be implemented that would reduce the impact of POS malware. One such solution is utilizing EMV-enabled credit cards. EMV stands for Europay, MasterCard and Visa. Traditional magnetic stripe cards store credit card numbers and expiration dates, which can easily be stolen and reused to make counterfeit cards. Conversely, EMV-enabled cards encrypt transaction data differently each time the card is used, making counterfeiting incredibly difficult. It may be a while before EMV-enabled cards are widely available in the U.S.

For many retailers the cost of replacing their POS systems to be EMV-compatible outweighs the cost of a potential breach. But as the threat and cost of POS system breaches continue to increase, many retailers will likely look into speeding up the adoption of EMV cards. Target’s CFO announced in early February that the company is investing $100 million in order to be equipped to handle EMV technology by the first quarter of 2015. This is six months earlier than their previous implementation goal.[11]

As security measures are put into place that make POS system breaches more difficult and the data obtained from them less valuable, it is likely that the number of these breaches will decrease. Cyber criminals have proved that they follow the easy money. POS systems are just the latest in a long line of focused attacks and certainly won’t be the last type of breach the security industry will have to deal with.
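The difference between static magnetic stripe data and per-transaction chip data can be shown with a simplified model. The Python below is an added example, not part of the CSID paper and not the EMV specification: an HMAC-SHA256 over a transaction counter, amount and terminal nonce stands in for the card's cryptogram, and the names ChipCard, Issuer and magstripe_authorize are hypothetical.

```python
import hashlib
import hmac
import os

def magstripe_authorize(presented: bytes, on_file: bytes) -> bool:
    # Static stripe data: a byte-for-byte copy is indistinguishable from the card.
    return hmac.compare_digest(presented, on_file)

def _mac(key: bytes, atc: int, amount_cents: int, nonce: bytes) -> bytes:
    # Stand-in cryptogram: binds counter, amount and terminal nonce to the card key.
    msg = atc.to_bytes(2, "big") + amount_cents.to_bytes(6, "big") + nonce
    return hmac.new(key, msg, hashlib.sha256).digest()[:8]

class ChipCard:
    """Holds a secret key that never leaves the chip and a transaction counter."""
    def __init__(self, key: bytes):
        self._key, self.atc = key, 0

    def sign(self, amount_cents: int, nonce: bytes):
        self.atc += 1                    # every transaction uses a fresh counter
        return self.atc, _mac(self._key, self.atc, amount_cents, nonce)

class Issuer:
    """Shares the card key and remembers the highest counter it has accepted."""
    def __init__(self, key: bytes):
        self._key, self.last_atc = key, 0

    def authorize(self, atc, amount_cents, nonce, cryptogram) -> str:
        expected = _mac(self._key, atc, amount_cents, nonce)
        if not hmac.compare_digest(expected, cryptogram):
            return "declined: bad cryptogram"
        if atc <= self.last_atc:
            return "declined: counter already used"
        self.last_atc = atc
        return "approved"

def demo():
    key = os.urandom(32)                 # constructed per-card key
    card, issuer = ChipCard(key), Issuer(key)
    nonce = os.urandom(4)                # terminal's unpredictable number
    atc, cg = card.sign(1999, nonce)
    stripe = b";4111111111111111=251210100000?"   # constructed test track data
    return {
        "chip_first_use": issuer.authorize(atc, 1999, nonce, cg),
        "chip_same_message_again": issuer.authorize(atc, 1999, nonce, cg),
        "chip_new_amount_old_cryptogram": issuer.authorize(atc, 50000, nonce, cg),
        "stripe_copy_accepted": magstripe_authorize(stripe, stripe),
    }

if __name__ == "__main__":
    print(demo())
```

Transaction data captured from POS memory in this model authorizes nothing further, because the issuer rejects a reused counter and any change to the signed fields, while the copied stripe passes unchanged.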

ABOUT CSID

CSID, a part of Experian, is a leading provider of global identity protection and fraud detection technologies for businesses, their employees, and consumers. With CSID’s enterprise-level solutions, businesses can take a proactive approach to protecting the identities of their consumers all around the world. CSID’s comprehensive identity protection services extend beyond credit monitoring to include a full suite of identity monitoring and fraud detection services; identity theft insurance provided under policies issued to CSID; full-service restoration services; and proactive data breach services.

www.csid.com

ADDITIONAL SOURCES

1. Data Breach FAQ, Target, 2013
2. Neiman Marcus Downsizes Breach Estimate, Bank Info Security, 2014
3. Who Should Pay for Data Theft?, Bloomberg Businessweek, 2014
4. Target cyber attack not isolated, warns FBI, ComputerWeekly.com, 2014
5. PCI FAQS, PCI Compliance Guide, 2014
6. TJX data breach: At 45.6M card numbers, it’s the biggest ever, ComputerWorld, 2007
7. Understanding malware targeting Point of Sale Systems, Br Labs, 2014
8. RSA Uncovers New POS Malware Operation Stealing Payment Card & Personal Information, RSA, 2014
9. IntelCrawler: “The teenager is the author of BlackPOS/Kaptoxa malware, several other breaches may be revealed soon”, IntelCrawler, 2014
10. FBI Warns of More Cyber Attacks, Financial Times, 2014
11. Are We Finally Ready for EMV Cards?, Fox Business, 2014
