Security Magazine

Cybersecurity after Target: Getting the Facts about POS Attacks

April 15, 2014

The holidays are a time to celebrate and rejoice with family and friends. However, during the most recent holiday shopping season, many found themselves worrying whether or not the gift they purchased for a loved one put them in jeopardy due to cyber-attacks.

In December, Target announced that more than 110 million customers – almost one third of the U.S. population – had their data compromised in a large-scale breach of the company’s point-of-sale (POS) network. Cyber thieves stole cardholder names, card numbers and three-digit security codes between November 27 and December 15, as well as addresses and phone numbers. As the extent of Target’s breach started to unfold, high-end retailer Neiman Marcus announced that their POS network had also been compromised between July and October of 2013, and unauthorized purchases associated with the stolen data had been made during the holiday season.

According to a recent report from Javelin Strategy & Research, the number of people notified after a data breach that they were victims of fraud rose by 340 percent between 2010 and 2012. Data breaches such as Target and Neiman Marcus, as well as a handful of other well-known retailers, point to the shift in cybercrime and show that data breaches are becoming the new world order. No longer are attacks considered isolated incidents – they are now a common threat and all enterprises and small businesses  alike need to take note.

In the case of the Target breach, the vulnerability of the POS network was exploited by advanced persistent threats (APTs) for a few milliseconds when the malware hit. The APTs found a small crack in the network and deployed the malware, which then decrypted the sensitive information. That’s what hackers have mastered – exploiting vulnerability and using APTs as a way to do it.

There are two distinct differences between an APT and a traditional attack. First, the attack is targeted at strategic users to access key information. Second, the botnet of the APT is disguised as legitimate data traffic and can go undetected for a substantial period of time. This dramatic shift in cybercrime forces retailers to reevaluate the security of current POS networks. Even more challenging is that APTs can fly under the radar for long periods of time before an organization even knows it’s under attack.

Historically, POS networks have been regarded as proprietary systems immune to targeted network attacks. However, the recent data breaches of Target and Neiman Marcus have proven that no longer to be true – POS networks are just as vulnerable to targeted attacks as any other network.

As the POS systems have become more complex and organizations have begun allowing third-party vendor’s access to networks, more vigilance in monitoring the behavior of outside sources is needed. Traditionally, organizations have been focused on security risks from risky employee behavior or outside direct attacks; however, as digital interactions become more frequent, the growing risk of untraditional threats has grown. As such, retailers should consider a security approach similar to a traditional enterprise network comprised of desktops, laptops and mobile devices.

The solution isn’t easy, but it is feasible. It starts with the business network and implementing a comprehensive approach to network security, including securing network endpoints, implementing an intrusion prevention system and establishing an incident response plan. By securing network endpoints, advanced malware and suspicious traffic can be easily identified by the network.

While early detection of threats can help combat an attack, network administrators need to be educated on suspicious traffic and vulnerable systems. As for retailers, they need to re-evaluate their security strategy to look not only at protecting cardholder data for compliance purposes, but to ensure that ALL of the data they are collecting – from customer information to shopping trends – remains private.