Secure the integrity of both end-user and POS systems, and maintain the ability to monitor network activity for both preventative and forensic measures in the event of an attack.
Collect, aggregate, and alert real-time process data from endpoints and POS systems alike, in addition to monitoring related infrastructure residing within the organization’s network.
Document baseline behaviors across POS systems and implement a process to identify changes. Use this data to identify the deployment of malicious card-skimming POS malware, such as TinyPOS.
Ensure that all applications are up-to-date via patch management and vulnerability prioritization. Conduct regular code integrity checks on public-facing e-commerce applications and implement web application firewalls as an added layer of defense.
Federal prosecutors in Virginia are charging four individuals for a wide-ranging scheme to defraud businesses, first by hacking into their email or networks and then impersonating trusted third-party vendors in order to collect on unpaid bills.