FREMONT, CA--(Marketwired - Dec 7, 2016) - Attivo Networks®, the award-winning leader in deception for cyber security threat detection, issued a report today detailing severe vulnerabilities in the nation's POS systems that could lead to large breaches during the Holiday shopping period and on into next year. The report, based on primary research, shows how attackers are moving laterally undetected through networks, compromising asset management servers and then using them to plant malware on POS terminals for either timed or remote activation, creating the foundation for wide-scale credit card information theft. Traditional security devices have proven to be ineffective in detecting an attacker's lateral movement, in providing malware activation visibility between asset servers and POS terminals, and in accurately correlating attack forensic data according to the report.
The lack of visibility into POS attacks provides an environment where attackers can operate with as much time as they need to find and compromise a key asset such as an Active Directory or patch management server that will expose the POS payment processing gateways. Once identified, the attacker deploys malware through the patch-management software and then compromises the payment processing application using a RAM scraper as a final payload of the attack to steal and upload card data. The report adds that once compromised it remains a constant challenge for organizations to have visibility into how widespread the attack may be and how to conclusively shut down these attacks.
It also points out that many of today's POS devices are particularly vulnerable to malware since they run on older, unprotected Windows XP or even DOS based systems in which anti-virus is not available. Additionally, in some cases, the patch management systems run in a trusted mode and there may not be anti-virus running at all. The report notes that having an endpoint security solution is not a fail safe way to prevent attacks because many of these attacks are targeted and originate from the endpoints using stolen credentials to breach the systems.
The report covers:
- Details of the vulnerabilities and three cases of breach within large, regional and mid-sized retail organization
- The anatomy and findings from these attacks
- Recommendations for early attack visibility and detection
This was the first time deception technology has been used to provide visibility into a POS attack, as well as defeat it. Researchers introduced deception technology into POS networks and found that creating lures and decoys could successfully trick attackers into revealing themselves through initial and ongoing attack phases.
"With an approach based on attacker engagement, deception traps make a highly efficient and accurate method for detecting evasive advanced threats and their lateral movement." comments Marc Feghali, co-founder of Attivo Networks. "Early visibility into these threats and the reduction of dwell time can mean the difference between a minor incident or a wide scale public breach. We found that deception changes the game and adds detection in the heart of the attacker operations. Early detection of attempts to compromise asset management servers, POS terminals and gateways is the key to stopping wide-scale attacks and the breaches we all too often read about."
"Based on this research, we predict that in 2017 there will be a significant increase in reported POS attacks, largely due to the high probability that these systems have already been breached and attackers are already active throughout many networks today, undetected and unchecked," concludes Tushar Kothari, CEO of Attivo Networks. "There is a high likelihood that breaches during this Holiday period won't be detected until well later in the year and unfortunately well after the cardholders have suffered the consequence of shopping for what will no longer feel like a good holiday deal ."
Resources: "Point-of-Sale System Attacks; the Role of Early Detection for Breach Prevention"
About Attivo Networks
Attivo Networks® is an award-winning leader in deception technology for real-time detection, analysis, and acceleration of incident response to cyber-attacks. The Attivo Threat Matrix™ Deception and Response Platform provides early detection of advanced, stolen credential, ransomware, and phishing attacks that are inside user networks, data centers, clouds, IoT and ICS-SCADA environments. By deceiving attackers into revealing themselves, comprehensive attack analysis is efficiently gathered, actionable alerts raised, and response actions automated with prevention system integrations. As part of the continuous threat management platform, ThreatPath™ provides vulnerability assessment of attack paths for proactive incident prevention. For more information, visit www.attivonetworks.com
Follow Attivo Networks: Twitter and LinkedIn