US-CERT ALERT: Malware Targeting Point of Sale Systems

Share Button

The U.S. Computer Emergency Readiness Team (US-CERT) yesterday put out an alert (https://www.us-cert.gov/ncas/alerts/TA14-002A) on malware targeting Point of Sale (POS) systems, which retailers use to process transactions from consumers.

While POS targeting is nothing new, the threat has clearly escalated to a level that US-CERT felt it impactful enough to issue an alert. And while they offer up best practices for POS system owners to protect themselves and their customers from unauthorized access to their systems, they also recognize that no system is impenetrable. As such, they also offer up consumer tips for individuals to protect themselves if they believe their credit or debit cards have been compromised via a POS system.

At Easy Solutions, we believe POS system owners and financial institutions can take further steps to protect themselves and their customers. While traditional antivirus and firewall systems are useful for protecting against easily recognized threats, which are well-known and for which AV vendors have had the time to write signatures, they do nothing to protect against newer, targeted attacks on systems – often times with new malware being written daily specifically to thwart those systems.

Easy Solutions offers black-market monitoring as part of our Detect Monitoring Service (DMS) to provide our customers with early warning of massive credit/debit card breaches that are driven by POS malware (like the Target breach was). Any data that is collected via malware on POS terminals will quickly end up on the black market. Black-market monitoring can mitigate losses, and also serve as an indicator that a severe infection is going on. By proactively monitoring for indicators of compromise, institutions can take additional steps to shutdown threats before they result in system wide compromise.

For more information, visit: http://www.easysol.net/newweb/Products/detect_monitoring_service

Leave a Reply

Your email address will not be published. Required fields are marked *