The Beef with Malware Attacks

Jamal Bethea

A well-known fast food restaurant chain, famous for its burgers, was recently hacked and its Point-of-Sale (“POS”) system breached. The result: stolen customer information from more than 5,000 restaurants. Point-of-Sale systems are vulnerable to attack and, just as my colleague reported, the attacks will continue and become more exotic over time.

The Investment

According to the World Payment Report from 2015, there were more than 350 billion non-cash transactions in 2013, making electronic payments the preferred method of transactions. According to a user research report by Capterra, of the 400 surveyed POS buyers, 57 percent preferred on-premise/installed systems and 43 percent preferred web-based/hosted services. Regardless of how a POS is deployed in a business, a cyber-security solution that supports both installed and web-based systems is strategically important. Allow me to introduce the supportive solutions in Arbor’s Spectrum solution: ATLAS Intelligence supported by Arbor’s Security Engineering & Response Team (ASERT). ASERT is composed of an elite group of researchers and engineers who take their unique visibility into global threat activity and integrate it into a workflow using the ATLAS Intelligence feed. They then write up known attacks in reports so customers can stay aware of continuous DDoS and advanced threats, including MALWARE!

We started with magstripe readers for credit and debit cards and are now moving to chip cards, but malware can still invade back-end systems and steal information despite card issuers’ steps to modernize our payment methods. When customers swipe their credit or debit cards, POS systems relying on traditional magstripe technology can store all of the cardholder’s information available on Track 1 and Track 2 of the magstripe. EMV chips increase the level of security in comparison to the magnetic stripe, which holds static data. The card’s technology issues a unique code per transaction, making the customer’s financial information difficult to obtain. So is EMV technology fool-proof? Yes, and no. Technology can only be adopted and become mainstream when the vast majority realizes the immediate ROI. The case of liability has now shifted to the card provider and their responsibility to hunt down advanced threats. Also notable, hackers are constantly improving the capabilities of their threat tools against POS systems (including malware), leaving this type of threat tool undetectable by infrastructure detection.

The Problem

Threat actors in the past employed skimming techniques to acquire customer information through POS systems and ATMs, but that has changed as hackers’ skills increase. Utilizing web-based malware like TreasureHunt, NitlovePoS, Poseidon, etc., threat actors can track credit card number sequences, masquerade as a display driver on an infected system, and use other strategies to acquire your information. We now introduce the fast food restaurant chain’s current dilemma, which is also being experienced by many other businesses with a retail system. Although the fast food restaurant chain has not confirmed the type of malware used against its POS, we are aware of several types of web-based malware capable of capturing customer financial data that have been deployed in the past against other fast food chains.

To detect and eliminate advanced threats, a solution like Arbor Networks Spectrum is the answer. Arbor’s Spectrum can apply intelligence indicators as confirmation of attack campaigns. Businesses may rely on logged security data from a User/Entity Behavior Analytics solution or a SIEM, but they need to understand that this is not a security solution equal to the threat their systems face. That data is generated by IDS/IPS, firewalls, endpoint security, etc., but for the log to be accurate to any degree, a security device has to be calibrated to discover the attack.

Strategies built on detecting and responding can no longer be an acceptable means to eliminate advanced threats. Let’s start thinking about a seek-and-contain strategy, accomplished with the impressive hunting toolkit and legacy controls that are found in Arbor’s Spectrum.

Take a look at what Spectrum has done for some of Arbor’s customers!