Trustwave Unveils New Offerings to Maximize Value of Microsoft Security Investments. Learn More

Trustwave Unveils New Offerings to Maximize Value of Microsoft Security Investments. Learn More

Managed Detection & Response

Eliminate active threats with 24/7 threat detection, investigation, and response.

Co-Managed SOC (SIEM)

Maximize your SIEM investment, stop alert fatigue, and enhance your team with hybrid security operations support.

Advisory & Diagnostics

Advance your cybersecurity program and get expert guidance where you need it most.

Penetration Testing

Test your physical locations and IT infrastructure to shore up weaknesses before exploitation.

Database Security

Prevent unauthorized access and exceed compliance requirements.

Email Security

Stop email threats others miss and secure your organization against the #1 ransomware attack vector.

Digital Forensics & Incident Response

Prepare for the inevitable with 24/7 global breach response in-region and available on-site.

Firewall & Technology Management

Mitigate risk of a cyberattack with 24/7 incident and health monitoring and the latest threat intelligence.

Offensive Security
Solutions to maximize your security ROI
Microsoft Exchange Server Attacks
Stay protected against emerging threats
Rapidly Secure New Environments
Security for rapid response situations
Securing the Cloud
Safely navigate and stay protected
Securing the IoT Landscape
Test, monitor and secure network objects
Why Trustwave
About Us
Awards and Accolades
Trustwave SpiderLabs Team
Trustwave Fusion Security Operations Platform
Trustwave Security Colony
Technology Alliance Partners
Key alliances who align and support our ecosystem of security offerings
Trustwave PartnerOne Program
Join forces with Trustwave to protect against the most advance cybersecurity threats

How to Design a Defense Against Point-of-Sale Malware Attacks

Despite increasingly tighter data protection standards, more advanced security technology and greater awareness to the threat, retail organizations remain highly coveted targets of malware attackers.

Consider the sheer number of credit and debit card numbers that many of these companies handle. Thus, it's no surprise that even when adversaries encounter resistance, they don't give up and fold up shop. Instead, they search for new and viable vectors through which to fleece companies of valuable cardholder data.

The latest trend in the widespread torment that is malware - and an alarming one at that - is highly targeted and difficult-to-detect malicious code that is designed to invade point-of-sale (POS) systems, the machines and registers on store checkout lines on which credit and debit cards are swiped. According to news agency Reuters, the FBI recently released a three-page report warning retail companies of a grave prediction: They should expect significantly more cases of POS malware in the aftermath of a recent spate of high-profile attacks.

"We believe POS malware crime will continue to grow over the near term, despite law enforcement and security firms' actions to mitigate it," said the FBI report, seen by Reuters. "The accessibility of the malware on underground forums, the affordability of the software and the huge potential profits to be made from retail POS systems in the United States make this type of financially motivated cybercrime attractive to a wide range of actors."


How does POS malware make it on to these systems and networks in the first place? Hackers have many tactics at their disposal to spread malware. But in the case of POS malware, adversaries typically exploit the fact that most retailers - Trustwave estimates around 80 percent - employ default credentials on remote administration utilities, such as Remote Desktop, LogMeIn and pcAnywhere, which are used to perform legitimate remote administrative functions on POS systems and software. Once these are compromised, the bad guys can breach POS systems and plant malware in a matter of seconds.

And don't expect traditional anti-virus (AV) to protect you. Windows XP Embedded (XPe) is among the most common POS operating systems, and while it is similar to the desktop version of Windows XP, it also lacks many features and may not be compatible with many commercial AV products. In addition, the XP platforms in use typically haven't been updated to address previously patched security

But arguably most troubling of all is that, in less than a month, Microsoft is slated to end XP support. That means the software giant no longer will supply security updates for the 13-year-old operating system, which could make POS systems even juicier targets than they are right now.

So how can you deal with POS malware? Here are six tips that may make POS attackers think twice about committing time and resources to infiltrate your organization.

Assume you've been breached

Admitting this is half the battle. Operating under the assumption you've been compromised allows companies to better prepare for the inevitable and react quicker.

Conduct a risk assessment

Identify which systems in your retail environment process and store sensitive data, and if that data is vulnerable to an attack.

Create complex passwords

Use complex passwords (at least seven characters, including at least one number, one capital letter and one special character) on remote administration utilities.

Review logs

Remote connection logs, firewall logs and Windows Security Event logs often highlight hacker transgression - allowing you to detect an incident before it's too late.

Pen test

Identify and remediate security weaknesses before the criminals spot them.

Run advanced anti-malware and DLP defenses

Consider technology like web security gateway and data loss prevention, which can be used to scan outgoing HTTP and HTTPS traffic that could identify when attackers are siphoning out cardholder data.

If malware is found on POS systems, stop using them, document the intrusion as best you can and notify appropriate parties, including your merchant bank and PCI forensic investigator, and the U.S. Secret Service.

Make no mistake, stopping POS malware attackers in their tracks is a fierce challenge. This blog post just scratches the surface.

I highly recommend perusing a just-released white paper from our SpiderLabs research team. It offers a blow-by-blow account of how these attacks look and operate, and then offers specific remedies for thwarting POS malware - or dealing with it if you've been hit.

Dan Kaplan is manager of online content at Trustwave.

Latest Trustwave Blogs

Trustwave Webinar: Getting Started with Microsoft Copilot for Security

As a Microsoft security partner, Trustwave has committed itself to helping clients get the most out of their Microsoft E5 license, including properly setting up one of E5's primary features -...

Read More

Think Pink

There are some people who say, "I already conduct red team exercises, why would I need something different that is nothing more than a watered-down red team?"

Read More

Unlock Zero Trust: Why Database Security is the Missing Piece

As organizations consider their journey to establishing a strong Zero Trust culture, they must adopt a data-centric approach, and this begins with ensuring database security.

Read More