Tips for Protecting POS Systems from Memory Scraping Malware

According to the Dell Security Threat Report published in 2015, attacks on POS systems have evolved considerably, including the rise of malware that uses memory (RAM) scraping to steal payment card information. Card data is normally encrypted in storage and in transit, and attackers rarely try to break through those layers of encryption directly; but as the defences evolve, so do the attacks, and memory scraping is the result.

Even when card data is encrypted everywhere else, the POS application has to decrypt it in RAM for a moment to process the transaction, and that is the window the malware uses: it reads the plaintext card data straight out of process memory rather than out of encrypted storage. Current memory scrapers typically combine several techniques, such as scanning the memory of the payment process for data in the magnetic-stripe track format, staging what they find locally, and exfiltrating it to the attacker. The stolen track data can be used to clone cards and make fraudulent purchases, as several recent retail breaches have shown.

POS system providers are now well aware of how this malware reads card data out of RAM while it is decrypted. Given that reality, restaurant and retail POS owners are being educated on precautions to take beforehand and on what to do if they are attacked. Here are some basic tips to help prevent and stop malicious attacks on your POS system.

Pre-infection Practices

This is the preventive phase: protecting your system before an attack arrives, however advanced it is. Being prepared here is a must.

1. Keep the operating system up to date and make sure every application on the POS system is fully patched. Many of these patches fix security flaws, so ignoring them opens a new window for attackers.
2. Put the POS system and its network behind a firewall and segment them from the rest of the network, so that a compromise on one side cannot spread to the other. Several firewalls can be installed for this, and many current POS systems or their network appliances ship with built-in intrusion prevention and anti-malware features.
3. Use strong, unique passwords that are hard to guess or crack, change any default credentials, and never share them with anybody.
4. Install and enforce anti-virus on the system as a primary or secondary layer of defence.
5. Make sure any remote connections to the POS network run over an encrypted VPN.
6. Make sure protection against MAC spoofing is enabled on the POS network and on any critical systems the POS terminals communicate with.
7. Lock down remote access to the terminals: restrict who can reach them, from where, and with which accounts, and disable any remote access that is not needed.

Post-infection Practices

Depending on how your network is set up, it is safest to assume that at some point you may get hacked or infected by malware. Memory-scraping malware often arrives through hidden or doorway pages visited from the POS terminal over the Internet. Some attackers start with small scripts that infiltrate the system while staying below the detection threshold of most firewalls and anti-malware tools, and they set a timer so that the data is collected after infection and exfiltrated later in batches. Don't fret; there are tools made specifically to detect and neutralise this kind of data theft.

1. Temporarily disconnect the POS network from the Internet and lock it down, blocking any further communication between the compromised system and the attackers to prevent further data loss.
2. Implement Geo-IP and botnet filtering on all networks. If your POS system only serves customers in Singapore, block communication with other countries.
3. Configure DLP and SSL decryption to check whether credit card data is leaving the network in plain text or inside SSL tunnels to unknown Internet hosts, and make sure any such traffic is blocked. Best of all is to unplug the system from the Internet and clean it up.
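
Both the plaintext window a scraper reads out of RAM (described above, before the pre-infection tips) and the DLP check for card data leaving the network (item 3) rest on the same core task: recognising card data by the magnetic-stripe track formats and the Luhn check. The Python below is an added example, not code from the original article or from any POS vendor. It scans a byte buffer you hand it (a process memory dump or a captured egress payload); a real scraper would read another process's memory first, which this example deliberately does not do. The buffer is constructed sample data built from the publicly documented test card numbers, and the regex patterns, function names and the 13-digit "serial" decoy are the author's own choices.

```python
"""Find payment-card track data and PANs in a byte buffer (added example).

Memory scrapers locate card data in RAM by matching the ISO 7813 track
formats; an egress DLP rule can use the same patterns plus a Luhn check to
decide whether cleartext card data is leaving the network.
"""
from __future__ import annotations

import re

# Track 1, format B: '%B' PAN '^' NAME '^' YYMM service-code discretionary '?'
TRACK1_RE = re.compile(rb"%B(\d{13,19})\^([^^]{2,26})\^(\d{4})(\d{3})([^?]*)\?")
# Track 2: ';' PAN '=' YYMM service-code discretionary '?'
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})(\d*)\?")
# Bare PAN: 13-19 digits, optionally separated by spaces or dashes
PAN_RE = re.compile(rb"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")

# Constructed sample "memory": test PANs published for integration testing,
# plus a 13-digit serial number that fails Luhn and must not be reported.
SAMPLE_MEMORY = (
    b"\x00\x00POSapp v2.1\x00customer=JOHN DOE\x00"
    b"%B4111111111111111^DOE/JOHN^2512101000000000?"   # track 1, Visa test PAN
    b"\x00\x00order_id=88213\x00"
    b";5555555555554444=2512101123456789?"             # track 2, Mastercard test PAN
    b"\x00serial=1234567890123\x00"                     # 13 digits, fails Luhn
    b"\x00total=4242 4242 4242 4242\x00"               # spaced PAN, passes Luhn
)


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn mod-10 check."""
    if not digits.isdigit() or len(digits) < 13:
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:           # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep the first six and last four digits, the usual PCI display rule."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_buffer(buf: bytes) -> list[dict]:
    """Return Luhn-valid card-data hits in buf, PANs masked, sorted by offset."""
    hits: list[dict] = []
    covered: list[tuple[int, int]] = []   # byte spans already claimed by track records

    def add(kind: str, pan: str, span: tuple[int, int], **extra) -> None:
        if luhn_ok(pan):
            hits.append({"kind": kind, "pan": mask_pan(pan), "offset": span[0], **extra})

    for m in TRACK1_RE.finditer(buf):
        covered.append(m.span())
        add("track1", m.group(1).decode(), m.span(),
            name=m.group(2).decode(errors="replace"), expiry=m.group(3).decode())
    for m in TRACK2_RE.finditer(buf):
        covered.append(m.span())
        add("track2", m.group(1).decode(), m.span(), expiry=m.group(2).decode())
    for m in PAN_RE.finditer(buf):
        if any(start <= m.start() < end for start, end in covered):
            continue               # already reported as part of a track record
        add("pan", re.sub(rb"[ -]", b"", m.group(0)).decode(), m.span())

    hits.sort(key=lambda h: h["offset"])
    return hits


if __name__ == "__main__":
    for hit in scan_buffer(SAMPLE_MEMORY):
        print(hit)
```

Run over a memory dump, the hits show what a scraper would have found; run over an outbound payload after SSL decryption, a non-empty result is the condition under which a DLP rule should block the connection. The Luhn check is what keeps order numbers, serial numbers and timestamps from being reported as card data.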

Firewalls can be costly, but properly implemented they are a valuable tool for reducing the risk of malware infection and data theft on your POS network.