Protecting Your POS System from PoSeidon and Other Malware Attacks



Similar documents
Alert (TA14-212A) Backoff Point-of-Sale Malware

Operation Liberpy : Keyloggers and information theft in Latin America

SECURING YOUR REMOTE DESKTOP CONNECTION

Network Detective. HIPAA Compliance Module RapidFire Tools, Inc. All rights reserved V

SENSE Security overview 2014

Where every interaction matters.

Driving Company Security is Challenging. Centralized Management Makes it Simple.

Hong Kong Information Security Outlook 2015 香 港 資 訊 保 安 展 望

RemotelyAnywhere. Security Considerations

Blue Jeans Network Security Features

Compliance and Security Challenges with Remote Administration

What Do You Mean My Cloud Data Isn t Secure?

Codes of Connection for Devices Connected to Newcastle University ICT Network

Data Center security trends

The Business Case for Security Information Management

Enterprise Cybersecurity Best Practices Part Number MAN Revision 006

Franchise Data Compromise Trends and Cardholder. December, 2010

NATIONAL CYBER SECURITY AWARENESS MONTH

The Key to Secure Online Financial Transactions

MITIGATING LARGE MERCHANT DATA BREACHES

Device Hardening, Vulnerability Remediation and Mitigation for Security Compliance

V ISA SECURITY ALERT 13 November 2015

Verifone Enhanced Zone Router

Protecting Your Organisation from Targeted Cyber Intrusion

Host Hardening. Presented by. Douglas Couch & Nathan Heck Security Analysts for ITaP 1

Analyzing HTTP/HTTPS Traffic Logs

WHITE PAPER. FortiWeb and the OWASP Top 10 Mitigating the most dangerous application security threats

Netop Remote Control Security Server

Securing Internet Facing. Applications. Technical White Paper. configuration drift, in which IT members open up ports or make small, supposedly

Evolution Of Cyber Threats & Defense Approaches

Endpoint Threat Detection without the Pain

Host/Platform Security. Module 11

RBackup Server Installation and Setup Instructions and Worksheet. Read and comply with Installation Prerequisites (In this document)

Internet-based remote support for help desks. Product white paper

Internet Security Protecting Your Business. Hayden Johnston & Rik Perry WYSCOM

8/17/2010. Over 90% of all compromised merchants are PCI level 4 (small) merchants or merchants with less than 1 million transactions per year

A Case for Managed Security

Top five strategies for combating modern threats Is anti-virus dead?

CONTENTS. PCI DSS Compliance Guide

Presentation for : The New England Board of Higher Education. Hot Topics in IT Security and Data Privacy

KASPERSKY SECURITY INTELLIGENCE SERVICES. EXPERT SERVICES.

FastPOS: Quick and Easy Credit Card Theft

The Evolving Threat Landscape and New Best Practices for SSL

Spyware. Michael Glenn Technology Management 2004 Qwest Communications International Inc.

Xerox Mobile Print Cloud

Seven Strategies to Defend ICSs

Agenda , Palo Alto Networks. Confidential and Proprietary.

Security Considerations for DirectAccess Deployments. Whitepaper

Marble & MobileIron Mobile App Risk Mitigation

Cyber Essentials Questionnaire

Malware, Phishing, and Cybercrime Dangerous Threats Facing the SMB State of Cybercrime

Internet threats: steps to security for your small business

AUTHORED BY: George W. Gray CTO, VP Software & Information Systems Ivenix, Inc. ADDRESSING CYBERSECURITY IN INFUSION DEVICES

SAP Cybersecurity Solution Brief. Objectives Solution Benefits Quick Facts

Security Policy JUNE 1, SalesNOW. Security Policy v v

Spyware Doctor Enterprise Technical Data Sheet

Security Policy Revision Date: 23 April 2009

Electronic Fraud Awareness Advisory

Management, Logging and Troubleshooting

Mobile Admin Security

Trend Micro Incorporated Research Paper Adding Android and Mac OS X Malware to the APT Toolbox

5 Steps to Advanced Threat Protection

Cyber - Security and Investigations. Ingrid Beierly August 18, 2008

FileCloud Security FAQ

Did you know your security solution can help with PCI compliance too?

Give Vendors Access to the Data They Need NOT Access to Your Network

FINAL DoIT v.4 PAYMENT CARD INDUSTRY DATA SECURITY STANDARDS APPLICATION DEVELOPMENT AND MAINTENANCE PROCEDURES

Remote Deposit Quick Start Guide

Security Consultant Scenario INFO Term Project. Brad S. Brady. Drexel University

How NETGEAR ProSecure UTM Helps Small Businesses Meet PCI Requirements

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

whitepaper 4 Best Practices for Building PCI DSS Compliant Networks

BlackBerry Enterprise Service 10. Secure Work Space for ios and Android Version: Security Note

Teradata and Protegrity High-Value Protection for High-Value Data

PCI DSS 3.0 : THE CHANGES AND HOW THEY WILL EFFECT YOUR BUSINESS

Complying with PCI Data Security

Presented by: Mike Morris and Jim Rumph

Security. Tiffany Trent-Abram VP, Global Product Management. November 6 th, One Connection - A World of Opportunities

Cyber Security in Taiwan's Government Institutions: From APT To. Investigation Policies

Data Security for the Hospitality

Advanced Persistent Threats

Keystroke Encryption Technology Explained

Fighting Off an Advanced Persistent Threat & Defending Infrastructure and Data. Dave Shackleford February, 2012

Global Partner Management Notice

Best Practices for DanPac Express Cyber Security

Transcription:

Protecting Your POS System from PoSeidon and Other Malware Attacks A Multi-tier, Defense in Depth Strategy for Securing Point of Sale Systems from Remote Access Attacks Retailers are being threatened by a new wave of malware aimed directly at point-of-sale (PoS) systems. A program called PoSeidon is being used by cybercriminals to steal payment card data from retailers. This whitepaper explains how PoSeidon works, and provides techniques that retailers and POS suppliers can use to protect themselves and their customers from this threat, and from other, similar attacks conducted through remote access software.

A New Threat to Point-of-Sale Systems In March 2015, the Cisco Security Solutions team 1 identified a new Trojan program they called PoSeidon that skims credit card information from point-of-sale systems. This whitepaper explains how PoSeidon works, and provides techniques that retailers and POS suppliers can use to protect themselves and their customers from this threat, and from other, similar attacks conducted through remote access software. What is PoSeidon? PoSeidon is the name given to a new Trojan program that targets point-of-sale terminals, stealing consumer payment card data for use by criminals. Lucian Constantine of IDG New Service 2 described the malware this way: The CSS researchers have identified three malware components that are likely associated with PoSeidon: a keylogger, a loader and a memory scraper that also has keylogging functionality. The keylogger is designed to steal credentials for the LogMeIn remote access application. It deletes encrypted LogMeIn passwords and profiles that are stored in the system registry in order to force users to type them again, at which point it will capture them. The CSS researchers believe this keylogger is potentially used to steal remote access credentials that are needed to compromise point-of-sale systems and install PoSeidon. Past studies have showed that PoS terminals are typically compromised through stolen or brute-forced remote access credentials, as many of them are configured for remote technical support. Once the PoSeidon attackers get access to a PoS terminal, they install a component known as a loader. This component creates the registry keys needed to maintain the infection s persistence across system reboots and downloads another file called FindStr from a hard-coded list of command-and-control (C&C) servers. the attackers may have stolen LogMeIn credentials in order to remotely access the POS device (and perhaps many others with the same account) and install the POS malware. Sagie Dulce, security researcher at Imperva 3 As its name implies, FindStr is used to find strings that match payment card numbers in the memory of running processes. The Trojan then verifies that the captured strings are actually credit card numbers by using an algorithm known as the Luhn formula, and uploads them to one of several command-andcontrol servers along with other data captured through its key logging functionality. 1 Set persistence to survive reboot EXE Loader 2 Request command from C&C.ru C&C 3 Send URL to download & execute: FindStr 5 Install keylogger on POS device 4 Download & execute EXE File 6 Check memory for CC numbers EXE FindStr 7 Send CC numbers & keystrokes.ru Exfil

How Can You Defend Yourself from PoSeidon? Defending against malware like PoSeidon is difficult. There is no silver-bullet to protect your network against the variety of tools, exploits and attacks criminals will throw against you. As a result, Netop recommends a defense-in-depth strategy for security. Because Point of Sale attacks often target remote access tools, it is vital your remote access and control strategies include multiple overlapping layers of defense and protection. 24% World Top 100 Retailers Netop has been supplying the retail industry with unparalleled security for remote access and remote control for nearly 30 years. With 24% of the world s top 100 retailers and 42% of the world s top banks using Netop Remote Control, you can trust our security has been tested and verified. Netop s approach to security focuses on four overlapping strategies: 1 2 3 4 Secure the line user access user rights Document what happens Spartan Stores strengthened their security and achieved a 30% increase in efficiency when they switched to Netop Remote Control SUPPORT S Market-Lea 256-bit A Encryptio Secure The Line Secure remote access relies on strong encryption to ensure the confidentiality, integrity and authenticity of data being transmitted. Encryption is like a three legged stool. One weak leg and the stool collapses. Many remote access vendors provide high levels of encryption, but provide weak key exchange and message authentication, creating a dangerous risk of collapsing their encryption. Netop s approach to encryption is comprehensive: Data confidentiality is ensured with up to 256-bit AES (Advanced Encryption Standard) IT Admin Group Data integrity is ensured with upt to 256-bit SHA HMAC (Secure Hash Standard or Keyed-Hash Message Authentication Codes) Data authenticity is ensured with a combination of 2048-bit Diffie Hellman key exchange and the 256-bit Sales Group AES and 512-bit SHA SUPPORT S Helpdesk Group Backup s Super User Group ment t Group Netop Security External Group SAP Complete centrailized and scalable management of who can do what where and when with a Finance Group few clicks Closed Us Groups 100% Protection non-approved u

SUPPORT STAFF Market-Leading 256-bit AES Encryption User Access END USER Market-Leading Dynamic Key Exchange The Liquor Control Board of Ontario, one of Canada s largest retailers meets security standards 1 with a remote support solution from Netop that provides centrally 5 managed security, 6 authentication and authorization for point of sale systems. Set persist survive reb Install keyl on POS dev Check mem for CC num Strong encryption is a crucial first step to securing data, but encryption alone is not sufficient to keep you safe. Managing user access is necessary to prevent unintended users from accessing your network and unencrypting the data with stolen credentials. Netop provides several options for managing user access that includes: Minimize Threat Vectors. Your network is being scanned continuously. Every public IP address, all your open ports, and any inbound firewall exceptions you ve allowed are now threat vectors. Netop s WebConnect service provides Internet connectivity without open ports or inbound firewall exceptions. SUPPORT Within STAFF closed networks Netop can be configured to prevent END devices USER from advertising connection details, preventing network browse requests and using specific IP address checks prior to making a connection. Using Netop s secure gateways, customers can provide a single secured access point into closed network segments without opening those devices to the Internet. SUPPORT STAFF Closed User Groups. Unique to Netop Remote Control, closed user groups provide protection against non-approved users by limiting communication to devices that have been pre-configured with a unique Closed User Group License. The Closed User Group is a highly effective mechanism for Authentication preventing outside parties from interacting Users can authenticate with the systems in your network. through Directory Services, smart cards, tokens etc. Multi-Factor Closed Authentication. User Dual factor or multi factor authentication User mitigates controlled the threat of stolen or compromised Groups passwords. Netop supports multi-factor authentication options accessincluding: RSA SecureID, 100% Protection Windows against Azure, Radius servers, smart cards, tokens and others. The user will need to actively non-approved users click a button to allow the Guest access User Controlled Access. For attended devices, Netop can be configured so that end-users must confirm and allow remote access before a remote session can be established. Even if user controlled access is not enforced, connection notifications can be configured to notify the local user upon, during, or after a session.

SUPPORT STAFF END USER 1 2 3 4 Secure the line user access user rights Document what happens Authentication Users can authenticate through Directory Services, smart cards, tokens etc. Closed User Groups User controlled access 100% Protection against The user will need to actively non-approved users click a button to allow the Guest access POS equipment SUPPORT STAFF vendor SUPPORT SIR Solutions turned to Netop for a cost-effective and secure way to support thousands of retail devices across hundreds ofmarket-le 256-bit A locations. Encrypt User Rights Securing remote access doesn t stop with encrypted traffic and authenticated users. Once a user has successfully accessed a networked device, managing their rights and permissions is the next step in maintaining your security. Netop provides a sophisticated system of role based access controls with centralized and scalable management of who can do what, where and when. Specific features including file transfer, remote keyboard and mouse control, monitoring, and system inventory can be turned on or off with the click of a button for users, roles and groups. SUPPORT IT Admin Group Sales Group Helpdesk Group Backup s Super User Group mentt G Group External Group Netop Security SAP Finance Group Complete centrailized and scalable management of who can do what where and when with a few clicks Netop Remote Control offers cloud hosting or on premise options to meet your security needs. Closed U Group 100% Protectio non-approved

on POS device 4 Download & execute EXE 6 Check memory for CC numbers Document What Happens.ru 7 Send CC numbers & keystrokes Exfil EXE The last line of defense against hackers FindStr and criminals is robust logging and activity histories. Having the ability to identify what happened, when it happened and who was involved is critical to mitigating ongoing attacks and cleaning up an attack that has been resolved. Netop Remote Control includes over 100 logable events and provides full screen recording if required. Logs and screen recordings can be stored locally or centrally. Systems can be configured to prevent connectivity if screen recording is unavailable or disabled. About Netop Remote Control Why do 24% of the world s top 100 retailers use Netop Remote Control? Because security matters. Netop is the most secure, trusted and scalable remote support software solution on the market today. We ve been helping customers grow their enterprises with secure remote control and support for workstations, servers, embedded systems and mobile devices for 30 years. SUPPORT STAFF Central Recording END USER Central Logging 100+Log Events and Screen Recording Central recording or local recording offers the most secure way of knowing exactly who did what and when. Conclusion Security matters. While no company can protect themselves against every form of attack, there are basic steps that retailers and system providers can take to safeguard customer data from PoSeidon and other forms of malware that attack point-of-sale systems through remote access software. Start by assessing the remote access solutions used at your company. Are you using general purpose remote access software, or a solution that is designed for PCI compliance and security like Netop Remote Control? Are you taking advantage of advanced security features like multifactor authentication and closed user groups? If so, then you should be able to protect your company and your customers from PoSeidon. If not, talk to Netop about how to make your remote access system more secure.

Reference List 1. Cisco Threat Research blog post by Talos Group dated March 20, 2015: http://blogs.cisco.com/security/talos/poseidon 2. PC World article dated March 23, 2015 by Lucian Constantine, IDG News Service: http://www.pcworld.com/article/2900552/new-malware-program-poseidon-targets-pointofsale-systems.html 3. IT Security Guru article dated March 23, 2015 by Dan Raywood: http://www.itsecurityguru.org/2015/03/23/poseidon-malware-poses-fresh-retail-threat 4. Netop Case Study: Spartan Stores Realizes 30% Efficiency Gain with Netop Remote Control http://www2.netop.com/spartancasestudy 5. Netop Case Study: POS Equipment Vendor Leverages Netop Remote Control to Support Thousands of Retail Devices Across Hundreds of Locations http://www2.netop.com/sir-solutions 6. Netop Case Study: Liquor Control Board of Ontario Securely s POS Systems with Netop http://www2.netop.com/lcbocasestudy

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information