Guest post by Kurt Hansen
With over 7 billion credit cards in circulation worldwide, fraud in the retail sector has been on the rise for years. Cybercriminals target Point of Sale (PoS) terminals and hack networks of retailers to steal millions of identity and credit card records – as well as other data and merchandise.
Last year data breaches worldwide increased 49 per cent and the number of data records lost or stolen increased 78 per cent according to a Wall Street Journal blog. The same article cites a 2015 report from digital security firm Gemalto, estimating 1 billion data records were compromised across 1,500 attacks last year. More than half of these attacks involved the retail industry, with much of the focus on point-of-sale (PoS) systems.
Given the growing threat, it is imperative retailers take steps to protect their customers, their business and their reputation.
Protection starts at the edge
Good security starts at the edge, which in the case of the retail industry means store locations and PoS terminals.
PoS terminals typically run a stripped-down, general-purpose operating system with little hardening, which makes them easy targets. They are rarely patched promptly or kept current with anti-malware software; worse, they usually sit on a flat network, connected both to each other and to the corporate network. Infect one and the malware can move laterally to all of them.
How to spot a hack
This makes it essential that retail IT departments quickly identify suspicious activity. Knowing what "suspicious" looks like speeds both the detection and the defusing of malware on your network. Following are four steps to help spot and identify the attributes of a suspicious set of files.
1. Be suspicious of the almost ordinary
Malware is often made up of rogue files designed to hide in plain sight. Cybercriminals use file names that look familiar (a system binary's name in a directory where that binary never lives), sign files with stolen or fraudulently obtained certificates, and fill version and resource metadata with a well-known vendor's name. On the surface everything may look reasonable, but close inspection usually turns up inconsistencies: a hash unknown to the vendor, a certificate that has been revoked or does not match the claimed publisher, or an unexpected file location.
2. Know what questions need answering
Once you identify a set of files that might be malware, focus your search efforts by asking questions such as:
. What can you discern about the nature of the files?
. What is the malware's purpose and target?
. How was the malware inserted?
. Can you uncover how the malware extracts data?
Each piece of data can provide clues and pointers to more data. Before you know it, a picture of the threat and possible damage will emerge.
3. Isolate, then investigate
There are two main methods for analysing malicious files: static analysis, which gathers evidence from the file without running it (hashes, strings, imports, embedded certificates and metadata), and dynamic analysis, which runs the file and observes its behaviour. Dynamic analysis should only be performed in an isolated sandbox or threat-emulation environment with no path to production data or the card-processing network, so that the sample cannot reach what it was built to steal. It is also important to realise that analysis tools themselves are sometimes trojanised and redistributed by criminals, so stick with industry-standard, open-source tools obtained from their official source, and verify the download's hash or signature before use.
4. Follow the trail
As you analyse suspect files, work out what the files are and what they can do, estimate the damage potential, and explain how the malware collects and extracts data. Finally, look for clues about the identity of the actors behind the malware.
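The four steps above amount to a first-pass static triage. The script below is an added example written for this page, not code from the article or from Check Point: it hashes a suspect file, pulls printable strings, and flags the indicators that matter on a PoS host, namely card track-2 patterns (the very thing a PoS RAM scraper searches memory for), hard-coded network destinations, vendor names used as camouflage, and well-known system file names living in the wrong directory. The sample blob, the vendor-bait list and the system-directory list are constructed for the example; real signature verification would need a tool such as signtool or pefile and is not attempted here.

```python
"""Static triage of a suspect file from a PoS host.

Added example, not code from the article or from Check Point. It never runs
the sample: it hashes it, extracts printable strings (like `strings -n 6`),
and flags the indicators a first-pass analyst looks for. All sample data
below is constructed for the example.
"""
import hashlib
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Constructed sample blob: a vendor-looking version string, a Track 2 pattern
# with a Luhn-valid test PAN, and a hard-coded upload destination.
SAMPLE_BLOB = (
    b"MZ\x90\x00" + b"\x00" * 16
    + b"CompanyName\x00Microsoft Corporation\x00"
    + b"FileDescription\x00Windows Update Service\x00" + b"\x00" * 8
    + b";4111111111111111=25121011000012345678?\x00" + b"\x00" * 4
    + b"POST /upload.php HTTP/1.1\x00Host: 203.0.113.45\x00" + b"\x00" * 4
    + b"kbdhook.dll\x00"
)

# Track 2 layout: ';' PAN '=' YYMM service-code discretionary-data '?'
TRACK2_RE = re.compile(r";(\d{13,19})=(\d{4})(\d{3})[^?]*\?")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
HTTP_RE = re.compile(r"(?:https?://|GET |POST )\S+")
# Vendor names criminals borrow to look ordinary (assumed list for the example).
VENDOR_BAIT = ("Microsoft Corporation", "Windows Update")
# Well-known system binaries and where they legitimately live (assumed, Windows).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "explorer.exe", "spoolsv.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")


def luhn_ok(pan: str) -> bool:
    """Luhn checksum: separates a real PAN from a random run of digits."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def printable_strings(data: bytes, min_len: int = 6) -> List[str]:
    """Runs of printable ASCII at least min_len long, in file order."""
    pattern = rb"[\x20-\x7e]{%d,}" % min_len
    return [m.decode("ascii") for m in re.findall(pattern, data)]


def odd_location(path: str) -> bool:
    """True if a well-known system file name sits outside its normal directory."""
    p = path.lower().replace("/", "\\")
    name = p.rsplit("\\", 1)[-1]
    return name in SYSTEM_NAMES and not p.startswith(SYSTEM_DIRS)


@dataclass
class Triage:
    sha256: str
    md5: str
    strings: List[str]
    track_hits: List[Dict] = field(default_factory=list)
    network: List[str] = field(default_factory=list)
    vendor_claims: List[str] = field(default_factory=list)

    def reasons(self) -> List[str]:
        """Why the file deserves a closer look, one line per indicator class."""
        out = []
        if self.track_hits:
            out.append("contains card track-2 pattern (RAM-scraper signature or stolen data)")
        if self.network:
            out.append("hard-coded network destination(s): " + ", ".join(self.network))
        if self.vendor_claims:
            out.append("claims a vendor identity; verify the Authenticode signature")
        return out


def triage(data: bytes) -> Triage:
    """Static, non-executing pass over a suspect file."""
    t = Triage(
        sha256=hashlib.sha256(data).hexdigest(),  # hash first: look it up before anything else
        md5=hashlib.md5(data).hexdigest(),         # older intel feeds still key on MD5
        strings=printable_strings(data),
    )
    for s in t.strings:
        for pan, yymm, svc in TRACK2_RE.findall(s):
            masked = pan[:6] + "*" * (len(pan) - 10) + pan[-4:]  # never log a full PAN
            t.track_hits.append({"pan": masked, "expiry": yymm, "service": svc,
                                 "luhn": luhn_ok(pan)})
        t.network += HTTP_RE.findall(s) + IPV4_RE.findall(s)
        if any(v in s for v in VENDOR_BAIT):
            t.vendor_claims.append(s)
    return t


if __name__ == "__main__":
    result = triage(SAMPLE_BLOB)
    print("sha256:", result.sha256)
    for reason in result.reasons():
        print(" -", reason)
    print("odd location:", odd_location(r"C:\Users\pos\AppData\svchost.exe"))
```

The hash comes first on purpose: a lookup against your own inventory and public intelligence often answers "is this known?" before any further work, and the masked PAN keeps card data out of the analyst's notes.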
Securing the network
Good security for the PoS terminals must be supported by proactive protection of the company network.
This requires real-time preventative tools and strategies. For example, data should be encrypted both at rest and in transit, and card data in particular should be encrypted from the moment it leaves the reader so the PoS host never holds clear-text track data for a memory scraper to find. Networks should be segmented, with strict access controls between segments and monitoring of segment-to-segment traffic, so that a compromised terminal cannot reach other terminals, the corporate network or the Internet at will. In addition, every company should have a documented network protection and incident response plan in place.
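What "monitoring traffic from segment to segment" looks like in practice, as an added example written for this page rather than code from the article or from Check Point: an allow-list policy for the PoS segment applied to constructed flow records. It flags lateral PoS-to-PoS traffic, PoS connections to destinations outside the allow-list, and anything leaving the PoS segment for the Internet. The segment ranges, the allowed ports and the flow records are all assumptions made for the example.

```python
"""Segment-to-segment traffic check for a retail network.

Added example, not code from the article or from Check Point. The segment
ranges, allowed ports and flow records below are assumptions for the example.
"""
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

# Assumed segmentation: each business function gets its own range.
SEGMENTS = {
    "pos": ipaddress.ip_network("10.10.0.0/24"),      # terminals and store servers
    "payment": ipaddress.ip_network("10.20.0.0/24"),  # payment gateway / tokenisation
    "mgmt": ipaddress.ip_network("10.30.0.0/24"),     # patching and monitoring
    "corp": ipaddress.ip_network("10.40.0.0/16"),     # office users, email, file shares
}

# Everything a PoS terminal is allowed to initiate: (destination segment, port).
POS_ALLOW = {("payment", 443), ("mgmt", 8530)}


@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    dport: int
    bytes_out: int


def segment_of(ip: str) -> str:
    """Map an address to its segment name; anything unlisted is 'external'."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "external"


def check_flow(f: Flow) -> Optional[str]:
    """Return a finding for a PoS-initiated flow that violates policy, else None.

    Only PoS-initiated traffic is judged here; inbound rules for the other
    segments would be a separate policy table.
    """
    if segment_of(f.src) != "pos":
        return None
    dseg = segment_of(f.dst)
    if dseg == "pos":
        return f"lateral PoS->PoS: {f.src} -> {f.dst}:{f.dport}"
    if dseg == "external":
        return f"PoS->Internet: {f.src} -> {f.dst}:{f.dport} ({f.bytes_out} bytes out)"
    if (dseg, f.dport) not in POS_ALLOW:
        return f"PoS->{dseg}:{f.dport} not in allow-list: {f.src} -> {f.dst}"
    return None


def audit(flows: List[Flow]) -> List[str]:
    """Run every flow through the policy and collect the findings in order."""
    findings = []
    for f in flows:
        msg = check_flow(f)
        if msg:
            findings.append(msg)
    return findings


# Constructed flow records (as a NetFlow or firewall export might summarise them).
SAMPLE_FLOWS = [
    Flow("10.10.0.21", "10.20.0.5", 443, 2048),        # card auth to the gateway: allowed
    Flow("10.10.0.21", "10.30.0.10", 8530, 512),       # patch server check-in: allowed
    Flow("10.10.0.21", "10.10.0.22", 445, 90000),      # terminal to terminal over SMB: lateral
    Flow("10.10.0.22", "203.0.113.45", 80, 5000000),   # bulk upload to the Internet: exfil?
    Flow("10.10.0.22", "10.40.3.7", 3389, 1200),       # RDP into the office segment: not allowed
    Flow("10.40.3.7", "10.10.0.21", 22, 100),          # corp -> PoS: outside this policy's scope
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(finding)
```

The point of the allow-list shape is that a PoS terminal has a very short list of legitimate destinations, so the policy is written as "everything else is a finding" rather than as a block-list that an attacker can route around.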
Above all, when it comes to security, companies need to be disciplined. As soon as a security plan has been created, it should be implemented and the company should stick to it without compromise. Because, as too many retailers have discovered, half measures will not keep your customers, your business or your reputation safe.
Kurt Hansen is the Regional Managing Director ANZ, Check Point Software Technologies.