
Point-of-sale malware attacks still strong in 2016

02 Mar 2016

Point-of-sale breaches continue to make headlines in the IT world, and according to Carbon Black, the trend isn’t going anywhere in 2016.

Christopher Strand, PCIP, senior director of Compliance and Governance for Carbon Black, says there are a number of factors that are contributing to POS attacks.

1. Strand says the pressure to adopt EMV technology will continue to draw attention.

“Although most statistics point to full EMV adoption not taking place until well into 2017 or 2018, attackers will be free to take advantage of retailers in the process of implementing these devices,” he explains.

“Rushed or partial deployments that leave the PoS infrastructure unprepared to run EMV properly, along with customer and merchant confusion, will make this situation ripe for savvy attackers.”

2. Attackers will continue to target ill-prepared PoS systems.

Although the vulnerabilities are well-documented, organisations continue to struggle with their security hygiene, so that issues such as lax security configurations and weak passwords will leave many vulnerable to attack, Strand says.

“As a result, cybercriminals will continue to breach PoS environments using variants of the same malware that we’ve seen used for past breaches.”

3. The continued use of unsupported popular PoS operating systems will also leave merchants vulnerable to attack.

“During the past two years, three popular Windows operating systems – two of which are directly related to many major PoS platforms (Win XP and XP embedded) – reached their end-of-life,” says Strand.

“The vulnerabilities of these systems are still being discovered, creating another dimension of IT security risk that many merchants are failing to consider seriously.”

4. Mobile payments and e-commerce widen the threat window.

According to Strand, new ‘card not present’ scenarios may present unfamiliar threats to organisations, and 2016 is likely to see an increasing number of threats targeting other types of payment systems.

5. Increasingly complex regulatory environments will present new challenges to merchants.

“We can expect to see more regulations, fines and other consequences associated with payment systems as the community responds to continued threats,” Strand says.

“This is something for every merchant or payment provider to consider, and it may be time to re-assess their security policies and ability to enforce these.”

Strand says many who think they are not subject to the scrutiny of particular regulations and mandates may find they are now accountable.

6. An increasing awareness of security will lead to more sophisticated PoS malware.

Strand says as more merchants embrace the inevitability of cyber-attacks, malware authors will boost their efforts to stay under the radar and outflank security tools.

He says new PoS malware will target different segments of an organisation’s environment that may be outside the conventional areas of attack.

“While this approach is not as fast and easy for the attacker, it is generally more difficult to detect,” Strand explains.

“Malware authors are taking advantage of known exploit vectors found across enterprise systems, as well as intelligence on what has worked against PoS and payment systems,” he says.

“Clearly PoS and payment providers will need to build allegiances and share information more than ever in 2016.”
