File Integrity Monitoring NON STOP FILE INTEGRITY MONITORING

Despite recent requirements of the Payment Card Industry Security Standard (PCI DSS) and enhancements in security technologies, there are still gaps in the overall security of Point-of-Sale (POS) systems.

According to Trustwave, the most recent malicious POS malware called ‘Cherry Picker’ has gone largely undetected by security providers and antivirus tools alike due to the sophisticated methods it uses to hide and remain unnoticed.

The malware uses a new technique for scraping credit card data from the memory of the POS system it infects. Cherry Picker’s use of encryption, configuration files, command line arguments, and obfuscation have helped the malware remain undetected since it was first spotted in 2011.

POS malware attacks have proved to be very successful for cyber criminals and only since the massive breaches like Home Depot and Target have researchers started to understand what these malicious attacks are capable of.

In a report by Symantec, they note that while many companies do in fact encrypt credit card data while on its way to the payment processor and while in transit within its network, they don’t do the same with memory resistant data on the POS systems. By introducing point-to-point encryption and the new EMV payment systems, companies can help alleviate this vulnerability.

As malware writers begin to use more sophisticated approaches when it comes to stealing credit card credentials, it is important that organizations take this threat seriously and understand that having vulnerabilities in your POS systems makes you an easy target for cyber criminals.

Breaches like that of Target and Home Depot could have been mitigated by taking some fairly easy steps: Start with the implementation of a hardened build standard with Precision Change Detection, coupled with breach detection technology will ensure that, even if a breach is successful, you’ll at least be alerted of the fact immediately and be in a position to take action to prevent any card data loss.

Remember - Target lost credentials affecting over 70 million people in nearly two and a half weeks, so where a breach can’t be prevented, the speed of detection is crucial.

POS terminals have been proven to be easy targets for criminals and simply too sensitive to leave them without defense measures implemented. When will you take action?

 

Read the article on Dark Reading

Read more about POS Protection

 

 

NNT Products
USA Offices
New Net Technologies LLC
Naples
Suite #10115, 9128 Strada Place
Naples, Florida, 34108
Atlanta
201 17th Street, Suite 300
Atlanta, Georgia, 30363.

Tel: 1-888-898-0674
email [email protected]
UK Office
New Net Technologies LLC
Rivers Lodge
West Common
Harpenden
Hertfordshire
AL5 2JN

Tel: 01582 287310
email [email protected]
Connect
Google+ Linkedin Twitter - Change Tracker Facebook rss feed YouTube
CIS benchmarking SEWP Cybersecurity 500 Sans Institute
Copyright 2017, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.