Point-of-Sale Vulnerabilities at Trump Hotels Emphasize Need for Faster Detection of Anomalous Activity
Between May 19th, 2014 and June 2, 2015, Trump Hotels suffered a data breach. Malware infected their front desk computers, point-of-sale systems, and restaurants. However, in their own words, they “did not find any evidence that any customer information was removed from our systems.” While it’s comforting that no evidence was found, malware present on point-of-sale systems is probably there to steal information from the credit cards that are swiped or, increasingly, tapped, inserted, or waved. A lack of evidence does not imply the absence of crime, and to Trump Hotels’ credit, they have offered free credit monitoring services.
If you examine a Point-of-Sale (POS) system as an administrator, however, you’ll notice one thing in abundance: these systems rarely change, and the software is nearly homogeneous across the deployment ecosystem. This presents both positives and negatives when securing such an environment. Software changes are slow to occur, require rigorous testing, and are difficult to roll out. However, because such an environment is so homogeneous, it is also much easier to identify Point-of-Sale vulnerabilities and to notice when something has changed.
At Ziften we monitor all executing binaries and network connections within an ecosystem the second they happen. If a single POS system began to make new network connections or started running new software, regardless of its intent, it would be flagged for further review and examination. Ziften also collects unlimited historical data from your environment. If you want to know what happened six to twelve months ago, this is not a problem. Dwell times and AV detection rates can now be measured using our integrated threat feeds, as well as our binary collection and submission technology. We’ll also tell you which users executed which applications at what time across this historical record, so you can find your initial point of infection.
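The baseline comparison described above, as an added Python example that is not Ziften's code and not part of the original post: it treats binaries and network destinations seen on multiple POS hosts as the standard image, flags everything else, and records the earliest host, user and time for each deviation. The event format, host names, user names, endpoints and placeholder hashes are all constructed for illustration.

```python
from collections import defaultdict

# Constructed telemetry: (timestamp, host, user, kind, value).
# kind is "exec" (binary hash, placeholder strings here) or "conn" (remote endpoint).
BASELINE_EVENTS = [
    ("2024-01-02T09:00:00", "pos-01", "cashier1", "exec", "sha256:POS_APP_PLACEHOLDER"),
    ("2024-01-02T09:00:05", "pos-01", "cashier1", "conn", "payments.example.internal:443"),
    ("2024-01-02T09:01:00", "pos-02", "cashier2", "exec", "sha256:POS_APP_PLACEHOLDER"),
    ("2024-01-02T09:01:05", "pos-02", "cashier2", "conn", "payments.example.internal:443"),
    ("2024-01-03T14:00:00", "pos-02", "admin", "exec", "sha256:ONE_OFF_TOOL_PLACEHOLDER"),
]
LIVE_EVENTS = [
    ("2024-03-12T03:00:00", "pos-03", "svc_pos", "exec", "sha256:UNKNOWN_PLACEHOLDER"),
    ("2024-03-10T02:14:00", "pos-02", "frontdesk", "exec", "sha256:UNKNOWN_PLACEHOLDER"),
    ("2024-03-10T02:15:00", "pos-02", "frontdesk", "conn", "203.0.113.50:8080"),
    ("2024-03-10T09:00:00", "pos-01", "cashier1", "exec", "sha256:POS_APP_PLACEHOLDER"),
    ("2024-03-11T11:30:00", "pos-02", "admin", "exec", "sha256:ONE_OFF_TOOL_PLACEHOLDER"),
]

def build_baseline(events, min_hosts=2):
    """Trust only items seen on at least min_hosts distinct machines."""
    hosts_by_item = defaultdict(set)
    for _ts, host, _user, kind, value in events:
        hosts_by_item[(kind, value)].add(host)
    return {item for item, hosts in hosts_by_item.items() if len(hosts) >= min_hosts}

def find_deviations(events, baseline):
    """Map each non-baseline item to its earliest sighting and every affected host."""
    findings = {}
    for ts, host, user, kind, value in sorted(events):  # ISO timestamps sort chronologically
        item = (kind, value)
        if item in baseline:
            continue
        rec = findings.setdefault(item, {"first_seen": ts, "first_host": host,
                                         "first_user": user, "hosts": set()})
        rec["hosts"].add(host)
    return findings

def report(findings):
    """Render findings oldest-first so the earliest deviation leads the review queue."""
    rows = sorted(findings.items(), key=lambda kv: kv[1]["first_seen"])
    return [f"{r['first_seen']} {kind}={value} first on {r['first_host']} by "
            f"{r['first_user']}; hosts={sorted(r['hosts'])}" for (kind, value), r in rows]

if __name__ == "__main__":
    print("\n".join(report(find_deviations(LIVE_EVENTS, build_baseline(BASELINE_EVENTS)))))
```

The `min_hosts` threshold is what exploits the homogeneity: a tool that appeared on only one machine during the baseline window is still surfaced for review instead of being silently trusted.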
POS problems continue to plague the retail and hospitality industries, which is a shame given how straightforward these environments are to monitor with detection and response.