Morphisec Cybersecurity Blog

POS Systems: What, Why and How

Written by Shelley Leveson | July 30, 2019 at 11:28 PM

With their highly valuable payment card data and sensitive personal information, Point-of-Sale (POS) systems present a ripe target for cybercrime groups. A successful breach can have enormous consequences for the attacked organization, from the cost of detecting and responding to notifying victims, post-response support, lost business and potentially hefty government fines. Modern POS environments are complicated systems with multiple entry points for attack, from phishing emails or drive-by-download exploits on employee computers to vulnerable third-party suppliers. And while payment card security standards have introduced a basic protection framework, POS attacks have not abated under the regulations: some of the largest breaches of the past several years are due to attacks on POS systems.

Point-of-Sale as Point of Compromise

POS systems are a weak security point for most networks. They are in constant use and often are not patched or updated — sometimes containing legacy systems that can’t be patched at all. Vendors and other third parties may have access to the systems, adding another level of risk.

POS systems also can be difficult to secure with anything but the most basic protection tools as many security products are resource-intensive, slow down performance and interfere with continuous availability. Today’s advanced attacks use multiple techniques to avoid detection — such as hijacking legitimate system resources to perform malicious actions — and can easily bypass traditional POS defenses.

An Increasing Target

POS systems have not only become a target of choice for notorious cybercrime groups like FIN6, Carbanak / FIN7 and FIN8, but POS malware kits can be purchased on the cybercrime underground so even those without skills and infrastructure can set up shop. In fact, nearly 90% of cyberattacks on the accommodations and restaurant industries involve POS intrusions.

POS malware is really a generic term for the expanding number of memory-scraper Trojans that are designed to scan for, grab and exfiltrate credit and debit card data from the endpoints that process and store it. Cybercriminals easily cash in this valuable information through dark web markets. In addition, POS security systems serve as gateways where attackers can enter and move laterally to an organization’s regional, national or global data systems.

Anatomy of a Point-of-Sale Attack

Cybercriminals have developed sophisticated multi-stage attack methodologies to target valuable cardholder data. An attack generally includes the following phases:

  1. Infiltration – Attackers use a variety of methods to gain access to POS security systems. Most common are phishing emails, exploit kits delivered via browser attacks, stolen credentials and compromising trusted third parties.
  2. Network traversal – After gaining a foothold, the attacker probes for weaknesses, gathering information, administrator credentials and other means to move laterally across the network, until they are able to access the POS environment.
  3. Data capture – Once inside your POS environment, RAM-scrapers, network sniffers and other malware are installed to harvest credit card data and/or establish a backdoor.
  4. Exfiltration – The acquired credit card data is transmitted via compromised FTP servers or web hosts to the cybercriminals for sale on the dark web.
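
From the defender's side, the exfiltration phase is the one most visible on the network: a POS terminal has very few legitimate destinations. The following is an added example, not Morphisec code, that reviews egress records from a POS segment for non-allowlisted destinations, FTP use and cleartext card numbers; the subnet, allowlist, record format and sample records are all constructed assumptions.

```python
import ipaddress
import re

# Assumed (hypothetical) network layout and payment-processor allowlist.
POS_SUBNET = ipaddress.ip_network("10.20.0.0/24")
ALLOWED_DESTS = {("203.0.113.10", 443)}
PAN_RE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")  # candidate card numbers

def luhn_ok(digits):
    """Luhn checksum, which valid payment card numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:                      # double every second digit
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def review_flow(flow):
    """Return the reasons an egress record deserves an alert (empty if none)."""
    reasons = []
    if ipaddress.ip_address(flow["src"]) not in POS_SUBNET:
        return reasons                      # only POS terminals are in scope
    if (flow["dst"], flow["dport"]) not in ALLOWED_DESTS:
        reasons.append("destination not on POS egress allowlist")
    if flow["dport"] in (20, 21):
        reasons.append("FTP from POS terminal")
    if any(luhn_ok(m) for m in PAN_RE.findall(flow.get("payload", ""))):
        reasons.append("cleartext card number in payload")
    return reasons

# Constructed sample records; 4111111111111111 is a widely used test number.
SAMPLE_FLOWS = [
    {"src": "10.20.0.15", "dst": "203.0.113.10", "dport": 443, "payload": ""},
    {"src": "10.20.0.15", "dst": "198.51.100.7", "dport": 21,
     "payload": "STOR d.txt 4111111111111111=2512"},
    {"src": "10.20.0.22", "dst": "198.51.100.9", "dport": 80,
     "payload": "id=1234567890123456"},   # 16 digits, fails Luhn
    {"src": "10.30.0.5", "dst": "198.51.100.7", "dport": 21, "payload": ""},
]

def alerts(flows):
    """Map record index -> alert reasons, for records with any reason."""
    return {i: r for i, f in enumerate(flows) if (r := review_flow(f))}

if __name__ == "__main__":
    for idx, why in alerts(SAMPLE_FLOWS).items():
        print(idx, SAMPLE_FLOWS[idx]["dst"], "; ".join(why))
```

The Luhn check keeps order numbers and other long digit strings from raising the card-data alert, while the allowlist still flags the unexpected destination.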

Morphisec for POS Systems

Traditional POS protection methods leave serious gaps that place your business and customers at risk. However, loading up slim POS terminals with additional security layers that require resource-intensive monitoring or constant connectivity is simply not feasible from a system performance point of view.

The Morphisec Unified Threat Prevention platform uses powerful, patented Moving Target Defense technology to prevent attacks on POS endpoints, thin clients and servers immediately, before they infiltrate your environment. Morphisec can be deployed rapidly and requires almost no management, with an extremely lightweight agent that does not slow performance, need updating or otherwise disrupt your ongoing business.