Reducing Dwell Time of POS Attacks Can be Deceptively Simple


Attacks on Point-of-Sale (POS) systems continue to occur at staggering rates, and retailers remain exposed because vulnerabilities in point-of-sale systems give attackers weak links to exploit. According to the 2018 Verizon Data Breach Investigation Report (DBIR), of the more than 53,000 incidents examined, 2,216 were confirmed data breaches. The Gemalto Breach Level Index shows retail at 11% of all breaches in 2017, in third place, only slightly behind Financial at 12% and well behind Healthcare at a staggering 27%. These findings underscore that cybercrime continues to have a far-reaching impact on businesses across all regions and industries, and that retail remains squarely in the attacker’s cross-hairs.

High-profile breaches have serious consequences for both retail brands and their customers, who are angry, frustrated, and rapidly losing trust. POS devices are a major source of credit card and personal information data loss, yet they remain among the most difficult assets to protect because of long-standing vulnerabilities at the device endpoints. The inability to apply additional security measures such as encryption to transaction data, and the difficulty of detecting in-network threats early, only serve to exacerbate the problem. With credit card data commanding from $5 to $30 per card on the Dark Web, attackers will not be easily deterred and will remain highly interested in POS attacks because of the potential profits involved.

The threat landscape is constantly evolving, and new strains of malware such as LockPos/FlokiBot, MajikPOS, and JackPOS are appearing at unprecedented rates to attack POS terminals, where the vulnerabilities of outdated Windows machines can easily be exploited. The challenges associated with securing POS systems and detecting in-network attacks can become daunting, and security alerts are often lost in a flood of alert noise. Combined, this creates the perfect “petri dish” for sophisticated threat actors to not only learn how to steal from single stores but also to extend their attacks out to networks of hundreds of locations: the ultimate jackpot for an attacker.

With the ever-expanding risk of financial and personal impact from POS breaches, many CISOs in the retail industry are shifting to an Active Defense strategy to mitigate the risk of a massive breach. At the core of this approach is deception technology, which is designed to reduce dwell time by providing visibility into in-network threats and efficiently tricking attackers into revealing themselves as they seek to reconnoiter the production environment, steal critical credentials, and download malware onto POS devices.

Active Defense does not stop at detection; it incorporates offensive actions designed to change the asymmetry of an attack and to detect threats early by obfuscating the attack surface with realistic device decoys, attractive bait, and breadcrumbs. These actions detect, delay, derail, and proactively defend against the enemy so they cannot advance their attack. They also raise the risk profile for the cyber-adversary, who wastes time in a misleading environment that increases their costs, forcing them to start over or find an easier target altogether.

The retail industry is now taking a page out of the attacker’s playbook, applying cyberwarfare tactics to reduce risk and adding offense-based threat deception to quickly derail attacks. This well-known strategy for beating an adversary is now very much in play in today’s retail networks and has become a critical security control for the protection of retailers and of our coveted credit card and financial information.

-Carolyn Crandall, Chief Deception Officer, Attivo Networks
