POS Systems, Malware and XP Converging to Form a Perfect Storm for Retailers in 2014

2013 was a harsh reality check for many retailers. POS (Point of Sale) system hacks on Target, Neimen Marcus, Michaels and a host of retailers across at least 11 countries made for scary headlines to close out the year. Well over 100 million holiday shoppers were directly affected, and confidence in card transactions, the lifeblood of most retailers today, took a real hit. Losses from Target’s breach alone will be well into the ten figure range when all is said and done, and that’s without their customers’ finances even in the conversation.

The big question now is, what does it all mean for retailers in 2014? The answer is, a real storm is brewing.

RAM scraper revival

RAM scrapers are not new, but thanks to the unequivocal successes RAM scraper exploit kits like Black POS and Chewbacca had in those devastatingly effective high-profile attacks last year, retailers can count on hackers milking this weakness until it no longer reaps big rewards. The revival is on.

What exactly is a RAM scraper?

In short, a RAM scraper is malware that intercepts information that would normally be encrypted (like POS transactions) while they are in the system or device’s RAM memory. By getting the data out of RAM, it hasn’t been encrypted yet. It is still in plain text form while being initially processed in memory. Only after this step is it encrypted and sent on its way to whatever secure server it ‘s supposed to go to. The Target, Niemen Marcus and Michael’s hacks and the other big ones recently, like the Chewbacca Trojan (another recent RAM scraper success), brought a lot of attention to the problem, and fear to retailers. RAM scrapers can be next to impossible for many standard antivirus/antimalware solutions to detect because hackers are steadily employing more antivirus evasion techniques or packing tools to alter malware signatures.

So what can you do?

Identifying and remediating the attack as quickly as possible is obviously paramount. Unfortunately, signature-based detection is the standard template for most of detection products still being widely used today. So it’s easy to see why non-signature reliant next-generation antimalware solutions, like GDF’s Data Breach Response Toolkit (DBRT), are becoming more necessary by the day. DBRT can find the most advanced malware out there by sniffing out suspicious system activity, not by relying on a signature that hackers are getting better at disguising every day.

Microsoft is “pulling the plug” on Windows XP - Don’t let it spell the end for your retail business too

If you are a retailer with an XP-based POS system, circle April 8th on your calendar in red. That’s the official “end-of-life” day for Windows XP. That means no more Patch Tuesday security updates from Microsoft. And since part of PCI DSS (Payment Card Industry Data Security Standards) compliance hinges on maintaining current security updates, significant problems are looming large for retailers relying on outdated POS systems. Fines for non-compliance can range from $5,000 to $100,000 a month, which alone could very likely put many smaller retailers into a death spin. Even upgrading the operating system may not be enough. The older applications may not work properly and other integration issues could crop up as well. Workaround attempts like shifting to compatibility mode or virtual desktops will not only slow down and otherwise hinder daily operations, but may not work at all after all the effort. Finally biting the bullet on a new and updated POS system from the ground up is obviously the best choice, but as the costs involved can be a burden just as crippling, many will try everything imaginable just to stay afloat until they are ready and able to switch. In other words, advantage – bad guys.

Get the right help in time

The successes of these recent massive breaches on POS systems already spawned a surge of copycats that are putting their own new variation twists on RAM scraper malware now that these hackers can smell blood in the water. Couple that with the swan song of XP and you have the makings for a perfect storm quickly bearing down on retailers. GDF’s vulnerability assessments can let you know where you stand, both from a compliance perspective and a security perspective, so call us today and let our specialists help you identify and remediate the weaknesses in your entire data environment. Because while weak POS system breaches have been making the big headlines, there are a lot more threat vectors that need to also be considered for effective security - and that is GDF’s domain.