Chuck Leaver – With Continuous Endpoint Visibility Marriott Point Of Sale Breach Could Have Been Avoided

Written By Andy Wilson And Presented By Ziften CEO Charles Leaver

United States retail outlets still appear to be an appealing target for hackers looking for payment card data: Marriott franchisee White Lodging Services Corp announced a data breach in the Spring of 2015, impacting customers at 14 hotels across the nation from September 2014 to January 2015. This breach follows a similar breach that White Lodging suffered in 2014. In both cases the hackers were allegedly able to compromise the Point-of-Sale systems of the Marriott Lounges and Restaurants at several hotels run by White Lodging. The hackers were able to obtain the names printed on customers’ credit or debit cards, the credit or debit card numbers, the security codes and the card expiration dates. POS systems were also the target of recent breaches at Target, Neiman Marcus, Home Depot, and more.

Traditionally, Point-of-Sale (POS) systems at many US retail outlets were “locked down” Windows machines running a minimal set of applications geared toward their function: ringing up the sale and processing a transaction with the credit card merchant or bank. Modern Point-of-Sale terminals are essentially PCs that run email applications, web browsers and remote desktop tools in addition to their transaction software. To be fair, they are almost always deployed behind a firewall, but they are still ripe for exploitation. The best defenses can and will be breached if the target is valuable enough. For instance, the remote control tools used for managing and updating the Point-of-Sale systems are often hijacked by hackers for their own ends.

The credit card or payment processing network is a totally separate, air-gapped, and encrypted network. So how did hackers manage to steal the credit card data? They took the data while it was in memory on the Point-of-Sale terminal, while the payment was being processed. Even if merchants do not store credit card information, the data can be in an unencrypted state on the POS machine while the payment transaction is verified. Memory-scraping Point-of-Sale malware such as PoSeidon, FindPOS, FighterPOS, and PunKey is used by the data thieves to collect the payment card information in its unencrypted state. The data is then typically encrypted and recovered by the hackers or sent to the Internet where it’s retrieved by the thieves.

Ziften’s solution provides continuous endpoint visibility that can find and remediate these kinds of threats. Ziften’s MD5 hash analysis can identify new and suspicious processes or .dll files running in the POS environment. Ziften can also kill the process and collect the binary for further action or analysis. It’s also possible to detect POS malware by alerting on Command and Control traffic. Ziften’s integrated Risk Intel and Customized Threat Feed options permit customers to alert when POS malware talks to C&C nodes. Finally, Ziften’s historical data permits customers to kick-start the forensic investigation of how the malware got in, what it did after it was installed and executed, and which other devices are infected.
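To make the hash-analysis idea concrete, here is an added example (not Ziften's code and not part of the original post) that compares the modules observed on POS terminals with a known-good baseline and ranks anything unexpected by how few terminals run it. It uses SHA-256 instead of the MD5 mentioned above; the paths, terminal names and file contents are constructed for illustration.

```python
import hashlib
from collections import defaultdict

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed stand-ins for file contents (not real binaries).
POS_APP = b"constructed: pos transaction client"
REMOTE_TOOL = b"constructed: remote management agent"
MODIFIED = b"constructed: pos transaction client, altered"
UNKNOWN = b"constructed: binary never seen before"

# Assumed known-good baseline for the locked-down POS image: path -> hash.
BASELINE = {
    r"C:\POS\posclient.exe": sha256(POS_APP),
    r"C:\Tools\remoteagent.exe": sha256(REMOTE_TOOL),
}

# Constructed observations: (terminal, image path, file bytes).
OBSERVED = [
    ("pos-01", r"C:\POS\posclient.exe", POS_APP),
    ("pos-01", r"C:\Tools\remoteagent.exe", REMOTE_TOOL),
    ("pos-02", r"C:\POS\posclient.exe", MODIFIED),
    ("pos-03", r"C:\POS\posclient.exe", POS_APP),
    ("pos-03", r"C:\Users\Public\svchost.exe", UNKNOWN),
]

def triage(observed, baseline):
    """Return findings for modules that deviate from the baseline,
    rarest hash first (low prevalence across the fleet is a strong signal)."""
    known = set(baseline.values())
    seen_on = defaultdict(set)   # hash -> terminals where it was observed
    flagged = []
    for terminal, path, data in observed:
        digest = sha256(data)
        seen_on[digest].add(terminal)
        if baseline.get(path) == digest:
            continue                      # approved binary at approved path
        if path in baseline:
            reason = "hash-mismatch"      # approved path, different content
        elif digest in known:
            reason = "relocated"          # approved binary, unapproved path
        else:
            reason = "unknown"            # never seen in the baseline
        flagged.append((terminal, path, reason, digest))
    findings = [{"terminal": t, "path": p, "reason": r, "sha256": d,
                 "prevalence": len(seen_on[d])} for t, p, r, d in flagged]
    return sorted(findings, key=lambda f: (f["prevalence"], f["terminal"]))
```

Each finding carries the hash so the binary can be collected for analysis, which matches the collect-and-investigate step described above.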

It’s past time for retailers to step up their game and look for new solutions to protect their customers’ payment cards.

