At this point, I imagine readers are starting to grow numb with the announcement of another Point-of-Sale (POS) breach. These announcements have become a common reality and will continue unless enterprises take a different approach to cybersecurity.
The latest announcement comes from Intercontinental Hotel Group (IHG) confirming that a credit card breach impacted at least a dozen properties between August and December 2016. The hotel conglomerate acknowledged in a statement that investigations found “malware installed on servers that processed payment cards used at restaurants and bars of 12 IHG managed properties.”
This trend doesn’t have to continue. There are small steps many POS merchants can take to shore up their security postures and help stop this growing trend in 2017.
POS malware, exploit tactics and the bad actors using them will continue to evolve, constantly becoming more sophisticated. With every new POS breach, there is evidence that modern POS exploits focus on different areas of an organization’s environment, hiding breach tactics within different segments and processes of the system.
Many attacks focus on parts of the organization that may be graded with a lower-risk threshold, such as a customer or community portal server, where attackers can attain trusted credentials and commandeer a trusted process far away from the security of the front-end POS system.
These attacks will often use a variety of file-based and non-malware exploits. Legacy antivirus and machine-learning antivirus cannot detect or stop these non-malware attacks.
The most important thing to consider is that many of these attacks do not just target the POS systems; they target many different assets within the payment system, from critical servers to front-end user systems. There are many paths utilized to get to the keys to the kingdom (the critical data).
Carbon Black’s Next-Generation Antivirus (NGAV), Cb Defense, can help stop the troubling trend within the POS market by enabling organizations to change the detection game against both malware and non-malware attacks throughout their entire enterprise.
By utilizing streaming prevention, organizations in the POS market can switch away from the old detection paradigm, which focuses exclusively on files.
Streaming prevention changes the prevention model by utilizing event stream processing (ESP) to collect, correlate and analyze POS and all associated endpoint events in real time while helping to identify attacks as they build. In this way, modern POS attacks that use non-traditional systems and processes will be stopped.
Streaming prevention is constantly assessing the risk level and threshold of each event within the enterprise, even those that are not used in the payment process or directly attached to the POS systems. When the risk level of any event exceeds the organization’s acceptable threshold, streaming prevention will stop the attack cold.
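The difference between judging files one at a time and correlating events against a risk threshold can be sketched in a few lines. This is an added illustration, not Carbon Black's implementation; the event names, risk weights, threshold, hosts and accounts are all constructed for the example.

```python
from collections import defaultdict

# Constructed risk weights per event type (assumptions, not vendor values).
RISK = {
    "script_from_web_service": 30,      # web service launches a script interpreter
    "credential_store_read": 35,        # process reads the OS credential store
    "new_remote_logon": 20,             # account logs on to a host it has not used before
    "payment_process_memory_read": 40,  # non-payment process reads payment app memory
}
THRESHOLD = 80             # constructed acceptable-risk threshold
KNOWN_BAD_HASHES = set()   # file-centric view: every binary below is trusted

# Constructed event stream: (time, host, actor, event_type, file_hash)
EVENTS = [
    (1, "portal-01", "svc_web", "script_from_web_service", "trusted-a"),
    (2, "portal-01", "svc_web", "credential_store_read", "trusted-a"),
    (3, "pay-srv-02", "svc_web", "new_remote_logon", "trusted-b"),
    (4, "pos-17", "cashier", "new_remote_logon", "trusted-b"),
    (5, "pay-srv-02", "svc_web", "payment_process_memory_read", "trusted-c"),
]

def file_based_alerts(events):
    """File-only paradigm: judge each event solely by the file involved."""
    return [e for e in events if e[4] in KNOWN_BAD_HASHES]

def stream_alerts(events, threshold=THRESHOLD):
    """Correlate events per actor across hosts; alert once cumulative risk exceeds threshold."""
    score = defaultdict(int)
    chain = defaultdict(list)
    alerted = set()
    alerts = []
    for t, host, actor, kind, _hash in sorted(events):
        score[actor] += RISK.get(kind, 0)
        chain[actor].append((t, host, kind))
        if score[actor] > threshold and actor not in alerted:
            alerted.add(actor)
            alerts.append({"actor": actor, "time": t,
                           "score": score[actor], "chain": list(chain[actor])})
    return alerts

if __name__ == "__main__":
    print("file-based:", file_based_alerts(EVENTS))
    for alert in stream_alerts(EVENTS):
        print("stream:", alert)
```

The file-only check returns nothing because no binary is known-bad, while the correlated score for the portal service account crosses the threshold at the third event, before the payment server's memory is touched.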
By taking steps to explore these and other techniques that deal with the ongoing threat to the POS market, businesses can find some relief in the ongoing battle against threats and get on with the business of doing business.
To learn more about Carbon Black, Cb Defense, and Streaming Prevention, visit ngav.carbonblack.com.