销售终端遭受攻击:为什么、如何和应该采取什么措施?

2014/11/20

In the past year, because of sale terminals (POS) system destruction caused by a surprising number of customers cardholder and personal information disclosure issue. In the last year, in December 2013, the company said sales giant Target, a few weeks before the holiday shopping season in their sales terminal system has been damaged, there are more than 110 million customers’ personal information including copying credit / debit card information required It was leaked.

Although awareness of POS machines POS machines leak vulnerabilities and the impact has been improved, but in 2014 it was hacked POS machines especially busy year. Monthly ‘deaths’ statistics have increased: Michaels, Neiman Marcus, PF Chang and Sally Beauty reporting their POS machines damaged and lost cardholders and customers’ personal information.

In August, the Department of Homeland Security warning after Backoff malware for POS machine, the high-profile mass destruction revelation of POS machines. US Secret Service reports that at least 1,000 retailers have been destroyed Backoff, seven-sale systems manufacturers also report that their customers affected system. Owners UPS stores and two large supermarket chain Supervalu and AB’s acquisition of a minority believed to be Backoff destruction.

In September, Home Depot also damaged. Krebsonsecurity.com respected blog reports that a large number of counterfeit credit cards has appeared on the black market, and is connected to the POS machine damaged.

These breaches have not stopped since. Snow Queen and Staples in the last few weeks have revealed that became a victim.

You will be the next victim of it?

Affect you and your business: Target companies learn

Target is a damaged so that we can see the POS system brings a serious impact on examples. In August, Target company said, in the first quarter and 200 million spent in the second quarter of $ 148 million has been spent to clean up the issues at hand, including malware cleanup network, providing customers free replacement card and identity theft services .

Although compensation of $ 38 million of insurance policy for this event, but did not include the Target Company cardholder and card issuer capital losses. Target is currently the company is to defend himself against any damage due to lead to billions of POS machines compensation litigation. The consequences of the damage, that is Target stock price and the company has experienced declining sales. Although it is difficult to connected consumers lose confidence because of spill is obviously a problem.

When this loophole revealed shortly after the company’s chief information officer Target resignation. In May this year, the CEO also step down, in part because of events that could occur. You can imagine that this event and leadership turmoil has affected the entire Target’s information technology and business organizations.

Do you want your company to face such a situation?

Why POS machines vulnerable to attack?

Most of the POS machines are desktop computers running Windows operating systems and a few POS device directly. Windows hacker is an easily understood and high-profile targets. In many cases, POS computer on the network is considered to operate like any other desktop computer, using a standard terminal protection Antivirus software and a personal firewall .

The traditional method is to focus on the protection of the terminal to detect threats. This makes a lot of endpoint security vulnerable to zero-day malware attacks, which threaten not yet been found and their providers signed the document has not been updated. Malware creators are very good adaptation of known malware so there will be some time they will not be detected as a threat.

BlackPOS, Target’s attack malware before being found to have had at least three months and most of the Antivirus systems can be updated to deal with it. According Verison 2014 data breach report, before being found, 85 percent of Target’s POS invasion destroyed more than two weeks. When malware is found and this time it was too late.

Comodo SecureBox: one kind of experience Paradigm

Comodo ‘s solutions for POS crisis is beginning radical hypothesis: All terminals are likely to be destroyed, so your application must be able to run in a safe environment is destroyed. We build SecureBox for the defense, so that your application can be a normal operation Shen obstinate disease instant whole environment has been flooding malicious programs.

Unlike other security solutions only protect the host system to protect through POS software, Comodo SecureBox assumes that the host is always fragile, and strict protection applications. SecureBox anti-traditional security methods, can not be shown in an ongoing process of modification, dedicated, running critical applications in the security hardening of container. The core container keyboard logger technology with enhanced properties, Antivirus scan delete memory protection, remote management protection and anti-SSL network sniffer to retrofit existing POS computer into a truly secure sales terminal platform.

Learn more about SecureBox

Tags:

Write a comment

Name
Comment