Continuous Endpoint Visibility Could Have Prevented Marriott Point Of Sale Breach – Chuck Leaver

Written By Andy Wilson And Presented By Ziften CEO Charles Leaver


US retail outlets still appear to be an attractive target for hackers seeking credit card data: Marriott franchisee White Lodging Services Corp announced a data breach in the spring of 2015, affecting customers at 14 hotels across the nation from September 2014 to January 2015. This event follows a comparable breach White Lodging suffered in 2014. In both cases the attackers were reportedly able to compromise the Point-of-Sale systems of the Marriott lounges and restaurants at numerous locations run by White Lodging. The attackers obtained the names printed on customers’ credit or debit cards, the card numbers, the security codes and the card expiration dates. Point-of-Sale systems were likewise the focus of recent breaches at Target, Neiman Marcus, Home Depot, and others.

Historically, Point-of-Sale (POS) systems at most US retail outlets were “locked down” Windows computers running a small set of applications tailored to their function: ringing up the sale and processing the transaction with the credit card bank or merchant processor. Modern POS terminals are essentially PCs that run email clients, web browsers and remote desktop tools in addition to their transaction software. To be fair, they are often deployed behind a firewall, but they are still ripe for exploitation. The best defenses can and will be breached if the target is valuable enough. For example, the remote control tools used to manage and upgrade POS systems are frequently hijacked by attackers for their own purposes.

The credit card payment processing network is a totally separate, air-gapped and encrypted network. So how did the hackers manage to steal the card data? They stole it while it sat in memory on the POS terminal during the payment process. Even if retailers do not store payment card information, the data can exist in an unencrypted state on the POS machine while the payment transaction is being authorized. Memory-scraping POS malware such as PoSeidon, FindPOS, FighterPOS and PunKey is used by the data thieves to harvest the card data while it is unencrypted. The stolen data is then typically encrypted and retrieved by the attackers, or exfiltrated to the Internet where the thieves recover it.

Ziften’s solution provides continuous endpoint visibility that can detect and remediate these types of threats. Ziften’s MD5 hash analysis can detect new and suspicious processes or .dll files running in the Point of Sale environment. Ziften can also kill the process and collect the binary for further action or analysis. It is also possible to detect POS malware by alerting on Command and Control traffic: Ziften’s integrated Threat Intel and Custom Threat Feed options allow customers to be alerted when POS malware talks to C&C nodes. Finally, Ziften’s historical data lets customers kick-start the forensic investigation of how the malware got in, what it did after it was installed and executed, and whether other devices are infected.
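The two detection ideas in the paragraph above (hash-baselining the processes and DLLs loaded on a locked-down POS terminal, and alerting when a process talks to a host in a C&C threat feed) can be sketched in a few dozen lines. This is an added example, not Ziften’s code; the module names, file contents, addresses and threat-feed entries are all constructed for the demonstration.

```python
import hashlib


def md5_hex(data: bytes) -> str:
    # MD5 is used because the text describes MD5 hash analysis; for new
    # deployments prefer SHA-256, since MD5 collisions can be manufactured.
    return hashlib.md5(data).hexdigest()


# Constructed baseline: the only binaries a locked-down POS terminal should load.
BASELINE_BINARIES = {
    "pos_register.exe": b"<constructed contents of approved register app>",
    "payment_gw.dll": b"<constructed contents of approved payment library>",
}
APPROVED_HASHES = {name: md5_hex(blob) for name, blob in BASELINE_BINARIES.items()}

# Constructed threat feed of known C&C hosts (documentation address ranges).
C2_THREAT_FEED = {"203.0.113.45", "198.51.100.7"}


def find_unknown_modules(snapshot: dict) -> list:
    """Return loaded modules that are absent from the baseline or whose hash changed."""
    findings = []
    for name, blob in snapshot.items():
        digest = md5_hex(blob)
        if name not in APPROVED_HASHES:
            findings.append({"module": name, "md5": digest, "reason": "not in baseline"})
        elif APPROVED_HASHES[name] != digest:
            findings.append({"module": name, "md5": digest, "reason": "hash changed"})
    return findings


def find_c2_connections(connections: list) -> list:
    """Flag (process, remote_ip, port) tuples whose remote address is in the C&C feed."""
    return [{"process": proc, "remote": f"{ip}:{port}"}
            for proc, ip, port in connections if ip in C2_THREAT_FEED]


# Constructed snapshot of one terminal: a tampered DLL and an unknown process
# (a typo-squatted name of the kind a memory scraper might hide behind).
SNAPSHOT = {
    "pos_register.exe": BASELINE_BINARIES["pos_register.exe"],
    "payment_gw.dll": b"<constructed tampered library contents>",
    "svchosst.exe": b"<constructed unknown binary>",
}
CONNECTIONS = [
    ("pos_register.exe", "192.0.2.10", 443),   # normal traffic to the merchant gateway
    ("svchosst.exe", "203.0.113.45", 8080),    # beacon to a feed-listed C&C host
]

if __name__ == "__main__":
    for finding in find_unknown_modules(SNAPSHOT) + find_c2_connections(CONNECTIONS):
        print(finding)
```

A real deployment would compute the hashes from the bytes on disk or in memory and refresh the feed continuously; the structure of the checks is the same.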

It is past time for retailers to step up their game and look for new solutions to protect their customers’ payment cards.
