File Integrity Monitoring NON STOP FILE INTEGRITY MONITORING

Despite recent requirements of the Payment Card Industry Security Standard (PCI DSS) and enhancements in security technologies, there are still gaps in the overall security of Point-of-Sale (POS) systems.

According to Trustwave, the most recent malicious POS malware called ‘Cherry Picker’ has gone largely undetected by security providers and antivirus tools alike due to the sophisticated methods it uses to hide itself and remain unnoticed.

The malware uses a new technique for scraping credit card data from the memory of the POS system it infects. Cherry Picker’s use of encryption, configuration files, command line arguments, and obfuscation have helped the malware remain undetected since it was first spotted in 2011.

POS malware attacks have proved to be very successful for cyber criminals and only since the massive breaches like Home Depot and Target have researchers started to understand what these malicious attacks are capable of.

In a report by Symantec, they note that while many companies do in fact encrypt credit card data while on its way to the payment processor and while in transit within its network, they don’t do the same with memory resistant data on the POS systems. By introducing point-to-point encryption and the new EMV payment systems, companies can help alleviate this vulnerability.

As malware writers begin to use more sophisticated approaches when it comes to stealing credit card credentials, it is important that organizations take this threat seriously and understand that having vulnerabilities in your POS systems makes you an easy target for cyber criminals.

Breaches like that of Target and Home Depot could have been mitigated by taking some fairly easy steps: Start with the implementation of a hardened build standard with precision change detection, coupled with breach detection technology will ensure that, even if a breach is successful, you’ll at least be alerted of the fact immediately and be in a position to take action to prevent any card data loss.

Remember - Target lost credentials affecting over 70 million people in nearly two and a half weeks, so where a breach can’t be prevented, the speed of detection is crucial.

POS terminals have been proven to be easy targets for criminals and simply too sensitive to leave them without defense measures implemented. When will you take action?

 

 

 

Read the article on Dark Reading

Read more about POS Protection

Products
USA Offices
New Net Technologies Ltd
Naples
9128 Strada Place
Naples, Florida, 34108
Atlanta
201 17th Street, Suite 300
Atlanta, Georgia, 30363.

Tel: 1-888-898-0674
email USinfo@nntws.com
NNT Logo
UK Office
New Net Technologies Ltd
Spectrum House, Dunstable Road
Redbourn,
St Albans

Herts
AL3 7PR

Tel: 08456 585 005
Fax: 08456 122 031
email info@newnettechnologies.com
Connect with NNT
Google+ Linkedin Twitter - Change Tracker Facebook rss feed YouTube
Sign up to NNT's IT security and compliance monthly newsletter. Get breaking security news, how-to tips, trends and commentary direct to your inbox.

Sign up to the NNT newsletter