How retailers can stay safe from e-skimming and attacks on POS systems over the holidays

POS systems based on the iPad have grown popular over the years and are especially vulnerable to attack over the holidays. Today’s columnist, Greg Foss of VMware Carbon Black, analyzes some of the threats retailers face and offers security tips to make online and POS shopping systems safe. (Credit: CC BY-NC-ND 2.0)

There’s no shortage of cyber threats facing retailers and shoppers this holiday season, as the volume and sophistication of cyberattacks surge with more consumers shopping online than ever. Cyber Monday 2020 was the biggest online shopping day in U.S. history with sales hitting $10.84 billion.  

The influx of online shopping has caused a rise in cyberattacks at retailers through methods like e-skimming and targeting of point-of-sale (POS) systems. Additionally, our researchers at VMware Carbon Black have seen POS malware variants in use across a wide variety of retailers. These attacks rely on the physical swipes of cards, which then let the malware exfiltrate credit card data along with verification data, such as PINs or zip codes.

Cashing in on holiday hacking

These cyberattacks targeting the retail industry during the holiday season have a very low barrier to entry. They are low-cost for attackers, and the stolen data includes all of the necessary details, which threat actors can then sell on cybercrime forums. Recent VMware Carbon Black research into dark web forums found swiped credit card information being sold at the low cost of $10-20 per card. Similarly, PayPal accounts are selling for $2-10 each, depending on how much money is in the account. A loaded account comes at a higher price tag.

E-crimes groups continue to grow

Making matters worse, today’s sophisticated attack groups are consistently extending their capabilities and tactics to infiltrate e-commerce applications and avoid detection, meaning these activities occur without retailers or consumers ever catching wind. A recent example of this: Magecart threat actors impersonating legitimate payment applications by way of homoglyph attacks, ultimately fooling victims into visiting malicious websites.

With these threats significantly increasing during the holiday season, we must all remain vigilant and follow best practices to stay secure when shopping online. Retailers should take the following steps:

  • Secure the integrity of both end-user and POS systems, and maintain the ability to monitor network activity for both preventative and forensic measures in the event of an attack. 
  • Collect, aggregate, and alert on real-time process data from endpoints and POS systems alike, in addition to monitoring related infrastructure residing within the organization’s network.
  • Document baseline behaviors across POS systems and implement a process to identify changes. Use this data to identify the deployment of malicious card-skimming POS malware, such as TinyPOS.
  • Ensure that all applications are up-to-date via patch management and vulnerability prioritization. Conduct regular code integrity checks on public-facing e-commerce applications and implement web application firewalls as an added layer of defense.
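
One way to run a code integrity check on a public-facing checkout page and catch the homoglyph impersonation described above. This is an added example, not from the original column; the hostnames, the sample page and the partial confusables table are constructed assumptions.

```python
import unicodedata
from html.parser import HTMLParser
from urllib.parse import urlparse

# Assumption: hosts this hypothetical shop approves for checkout scripts.
ALLOWED_HOSTS = {"shop.example", "pay.example"}
# Partial confusables table (assumption; use the full Unicode confusables data
# in production): Cyrillic letters that render like Latin a e o p c x i s j.
CONFUSABLES = str.maketrans("\u0430\u0435\u043e\u0440\u0441\u0445\u0456\u0455\u0458", "aeopcxisj")

def skeleton(host):
    """Fold a hostname to the ASCII form a human reader would perceive."""
    try:
        host = host.encode("ascii").decode("idna")  # expand xn-- punycode labels
    except UnicodeError:
        pass  # already Unicode, or not valid IDNA: fold it as written
    folded = unicodedata.normalize("NFKD", host.lower())
    return "".join(c for c in folded if not unicodedata.combining(c)).translate(CONFUSABLES)

class ScriptAudit(HTMLParser):
    """Collect a finding for every <script src=...> that needs review."""
    def __init__(self, page_host):
        super().__init__()
        self.page_host, self.findings = page_host, []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag != "script" or not attrs.get("src"):
            return
        host = urlparse(attrs["src"]).hostname or self.page_host  # relative src = same origin
        if host in ALLOWED_HOSTS:
            if host != self.page_host and "integrity" not in attrs:
                self.findings.append((host, "third-party script without SRI hash"))
        elif skeleton(host) in ALLOWED_HOSTS:
            self.findings.append((host, "homoglyph lookalike of " + skeleton(host)))
        else:
            self.findings.append((host, "host not on allowlist"))

def audit(html, page_host):
    parser = ScriptAudit(page_host)
    parser.feed(html)
    return parser.findings

# Constructed sample page: the second host spells "pay" with Cyrillic U+0430.
SAMPLE = (
    '<script src="/js/cart.js"></script>'
    '<script src="https://p\u0430y.example/sdk.js"></script>'
    '<script src="https://pay.example/sdk.js"></script>'
    '<script src="https://cdn.invalid/t.js" integrity="sha384-PLACEHOLDER"></script>'
)
```

Running audit(SAMPLE, "shop.example") on a schedule and alerting on any new finding turns the page's script inventory into a baseline that can be monitored for changes.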

We will continue to see threat actors target both eager shoppers and retailers this holiday season. With evolving tactics such as e-skimming and POS attacks, cybercriminals have their sights set not only on the holiday season, but also on continuing to cash in on online shopping as the pandemic extends into early 2021. To stay one step ahead of attackers, retailers and consumers must take the necessary precautions to protect against threats. This will help ensure a happy holiday shopping season for all.

Greg Foss, senior cybersecurity strategist, VMware Carbon Black

Greg Foss

Greg Foss is a Senior Threat Researcher with VMware Carbon Black’s Threat Analysis Unit (TAU) where he focuses on detection engineering, security efficacy, and bypasses across the diverse product line. In previous roles, Greg led a Threat Research team, built and ran a Global Security Operations program, consulted in penetration testing, and worked as a security analyst for the federal government. Greg is a very active member of the Denver information security community who loves to give back and support the industry.
