6 Cybersecurity Tips Any Business Can Learn From PCI-DSS

I started this year speaking and writing about how retail establishments can protect themselves from the rising tide of malware. I continue this train of thought by considering the Payment Card Industry Data Security Standard (PCI-DSS) as general guidance for protecting any small business.

Instead of looking at PCI-DSS as guidelines for protecting cardholder data, consider it as guidance for protecting any critical data. You may wonder what critical data you have, or think that you may have nothing of value to cyber thieves. And yet any business has at least one of the following types of critical data that cybercriminals want, which means that any business, including yours, is a potential target:

  • Employee records
  • Customer records
  • Intellectual property
  • Access (user names, passwords, etc.) to partner networks (the easiest way to breach a big company may be through a small partner)
  • Access (user names, account numbers, passwords, etc.) to your bank account

Therefore, PCI-DSS guidelines can be a starting point for any business, retail or not. (I say a “starting point” because even if you are PCI-compliant as, I believe, Target was when they were breached, it does not mean you are secure.) At a high level, PCI-DSS guidelines provide some excellent places to start when looking to protect critical data. Looking at the six high-level guidelines for PCI-DSS, I have some thoughts:

  1. Build and maintain a Secure Network and Systems. This one is pretty straightforward: build your network with an eye on security starting at the planning phase. Often businesses take a money-saving approach and do not structure their network for growth. This is a short-term view that often costs more money down the road. Often, in order to maximize performance, security settings are turned off. When looking at your network, make sure you are able to build it under the security umbrella. Looking at the cost of a breach, security is a very low-cost investment.
  2. Protect Cardholder Data. In the spirit of this blog, let me replace “Cardholder Data” with “Critical Data.” Making sure critical data is handled in a secure way would include encryption of your data and isolating it from those not qualified to access it. Again, something learned from Target.
  3. Maintain a Vulnerability Management Program. Anti-virus should be something you require on all devices that can access network resources. This includes phones. I am sure we will see a newsworthy breach that starts with a compromised phone. There is a recent trend to deliver ransomware to phones. For both personal and professional reasons, an antivirus on all your internet-accessible devices is common sense.
  4. Implement Strong Access Control Measures. If you leave your freshly baked pie in the window, someone is going to take it. The aroma of your critical resources should be kept behind locked doors. It is more than passwords; the ability to see who is using these passwords will help you keep assets secure. This leads me to:
  5. Regularly Monitor and Test Networks. There are many reputable organizations that can test your defenses. I have seen many of them offer inexpensive or free services to show you where you have vulnerabilities. Let the experts help you.
  6. Maintain an Information Security Policy. Security is a critical business issue and should be considered integral to the organization. As you talk about products or new ways to expand your business, make sure that you do it in the context of a secure environment. After-the-fact and ad hoc security may leave you thinking you are protected when you actually are not.

I would hasten to add one more thing: implement an ongoing education program to build security awareness in the organization. As we all become more educated in proper cyber-hygiene, it becomes harder for criminals to compromise your organization.

The PCI guidance is something that is a great starting point for any business looking for a roadmap to security. If you are looking for more information, you might want to check out this webinar that Tim Brown, executive director and CTO of SonicWall Security, delivered on PCI – Focusing on security to meet compliance responding to changes in PCI DSS 3.1.

Dodging the Next Hack with Dell Security: Wrap Up of NRF’s BIG Show in New York

Back from NYC, where I attended last week’s National Retail Federation annual conference, “The Big Show.” It’s been a long time since I’ve been to a major event like this one, but retail continues to be important to SonicWall and is now part of what I do here at SonicWall Security, particularly for our SonicWall network security offerings.

So what’s new in the retail industry? Judging from all I saw, tons, of course. Retailers are all in on getting the most out of their brick-and-mortar locations as well as their various online and social outlets. Multichannel and omnichannel are retail’s new normal. New technologies continue to emerge, starting with information technology, which drives the customer experience with data analytics, to in-store beacons and other Internet of Things devices, store, website, and fulfillment design, POS systems, targeted marketing; the list goes on and on, a testament to the hundreds of vendors exhibiting at the NRF show.

We had plenty of visitors to the SonicWall Security booth, and good conversations with all. Some visitors and customers joined us for happy hour and a very elegant dinner Monday evening at Colicchio & Sons, in what we used to call the Meatpacking District when I called New York my home. A part of Manhattan that was almost desolate in the evening has become very much alive. The dinner gave me a chance to listen to what customers were thinking and to provide a SonicWall perspective on how we can help.

You’d think that with all the attention to hacks and breaches of major retailers, security would be a major focus of an event like this, but I didn’t find that to be the case, and was, quite frankly, surprised. Our presentation by Kent Shuart, Dodging the Next Hack, How to Protect Your Business, was one of only two conference sessions with a security focus. You can read more about Kent’s presentation in SC Magazine. Of special note is Kent’s point that small and medium-sized retailers may be an even bigger target in 2016 than their larger retail counterparts. Many of these small and medium-sized retailers have not updated their protections while hackers continue to get more sophisticated. The black market value of credit card records is such that even a small business’s account data can be a major hack windfall.

Me, I don’t believe that the retail industry doesn’t want to talk security. I think that the industry as a whole understands that without a secure network infrastructure, the customer and business data that is their lifeblood is at risk. Whether in a store or online, businesses large and small need solid, secure, scalable, beyond-PCI-compliant network security that doesn’t just protect them from cyber criminals, but gives them a leg up on their competition.

Although the booth was small the message was big: SonicWall would like to be your trusted partner in all things IT. We can help build your retail business in a secure way without breaking the bank. Learn more about our retail solutions, or visit us online.

Network Security Designs for Your Retail Business

The 2015 Verizon Data Breach Investigations Report (DBIR) estimate of $400 million in financial loss from security breaches shows the importance of managing breaches and ensuring that appropriate security infrastructure is put in place. The retail industry saw high-profile breaches this year through RAM-scraping malware aimed at point-of-sale (POS) systems. Security breaches affect both large and small organizations. According to the Verizon 2015 DBIR, attackers gained access to the POS devices of small organizations through brute force, while larger breaches were multi-step attacks in which some secondary system was breached before the POS system was attacked. This article highlights the key design considerations for building and deploying a secure, scalable and robust retail network.

Secure Network Design Considerations

Organizations need to ensure that their networks are resilient, secure and robust. The security solution put in place must not be a knee-jerk reaction to an attack but rather a comprehensive protection solution. Typical retail location requirements include support for POS systems, guest Wi-Fi access, employee access to restricted resources, third-party vendor access to limited resources and a reliable Internet connection with no downtime. Given these requirements, the following strategies are recommended in the retail network design:

1. Network Segmentation – It is important to segment the retail network into multiple networks. This ensures that an attack on a particular device in a network does not infect the entire network. A simple, flat network design gives an infected POS terminal easy access to bring the entire network down. Create separate networks for POS terminals, guest Wi-Fi devices, employee access to restricted information and third-party vendor access (limited and appropriate access).

2. Access Control – Install strict access controls on all network segments to govern how devices communicate within and across network segments.

3. VPN Tunnels – Create site-to-site VPN tunnels between the retail location and the centralized data center location to ensure all traffic originating from a POS system is always encrypted. Typically, sensitive customer credit card information is encrypted when it is validated over the Internet. However, simple management data such as login credentials may not be encrypted and could pose an entry point for a security breach.

4. Security – SonicWall 2015 Annual Threat Report findings show a 109% increase in encrypted connection traffic from last year. This potentially means that attackers could be using encryption as a way to hide their malware from firewalls. It is imperative to use a Next-Generation Firewall (NGFW) that performs deep packet inspection on all traffic, including encrypted traffic. Deep packet inspection services such as Intrusion Prevention, Malware Detection and Content Filtering are strongly recommended to reduce the risk of intrusions and malware attacks. Additionally, enable endpoint anti-virus on all POS terminals for increased security.

5. Reliability – Retail networks need to be secure and fault tolerant, with zero downtime. For fault tolerance at smaller retail locations, it is recommended to use 3G/4G backup failover with a multi-ISP provider strategy. For retail locations with heavier traffic, NGFWs deployed in High-Availability mode provide uninterrupted connectivity.

6. Guest Wi-Fi – Retail locations are increasingly using guest Wi-Fi access as a means to increase their business and stickiness with customers. For guest Wi-Fi, create a locked-down Internet-only network access for visitors or untrusted network nodes. Choose a solution that provides guest services with the latest wireless technology such as 802.11ac for increased bandwidth.
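As an added illustration (not part of the original article, and not any vendor's configuration syntax), the following Python script evaluates a rule set the way a first-match firewall with default deny would and reports every cross-segment flow that breaks the goals in items 1, 2, 3 and 6 above. The zone names, services, vendor allowlist, the "nothing else initiates into POS" invariant and all three rule sets are constructed assumptions.

```python
"""Audit zone-to-zone rules against the retail segmentation goals above.

All zones, services and rule sets are constructed for illustration.
Rules describe who may *initiate* a connection; return traffic is assumed
to be handled statefully by the firewall.
"""
from collections import Counter
from itertools import product

ZONES = ["POS", "GUEST", "EMPLOYEE", "VENDOR", "DC_VPN", "WAN"]
SERVICES = ["payment", "https", "dns", "rdp", "smb"]

# Assumption: the only "limited and appropriate" vendor access is HTTPS to POS.
VENDOR_ALLOWED = {("POS", "https")}


def decide(rules, src, dst, service):
    """First matching rule wins; anything unmatched is denied."""
    for r_src, r_dst, r_svc, action in rules:
        if (r_src in (src, "any") and r_dst in (dst, "any")
                and r_svc in (service, "any")):
            return action
    return "deny"


def allowed_flows(rules):
    """Every cross-zone flow the rule set effectively permits."""
    return {(s, d, svc) for s, d, svc in product(ZONES, ZONES, SERVICES)
            if s != d and decide(rules, s, d, svc) == "allow"}


def audit(rules):
    """Return (invariant, src, dst, service) for each violating flow."""
    findings = []
    for src, dst, svc in sorted(allowed_flows(rules)):
        if src == "GUEST":
            if dst != "WAN":                      # item 6: Internet-only guests
                findings.append(("guest-not-internet-only", src, dst, svc))
        elif src == "POS":
            if dst != "DC_VPN":                   # item 3: POS only via the tunnel
                findings.append(("pos-outside-vpn", src, dst, svc))
        elif src == "VENDOR":
            if (dst, svc) not in VENDOR_ALLOWED:  # item 1: limited vendor access
                findings.append(("vendor-too-broad", src, dst, svc))
        elif dst == "POS":                        # assumed: no one else reaches POS
            findings.append(("pos-reachable", src, dst, svc))
    return findings


def summarize(rules):
    """Count findings per invariant."""
    return dict(Counter(f[0] for f in audit(rules)))


# Constructed rule sets: (source zone, destination zone, service, action).
FLAT = [("any", "any", "any", "allow")]

SEGMENTED = [
    ("POS", "DC_VPN", "payment", "allow"),
    ("GUEST", "WAN", "https", "allow"),
    ("GUEST", "WAN", "dns", "allow"),
    ("EMPLOYEE", "WAN", "https", "allow"),
    ("EMPLOYEE", "WAN", "dns", "allow"),
    ("EMPLOYEE", "DC_VPN", "https", "allow"),
    ("VENDOR", "POS", "https", "allow"),
]

# The deny below is never reached because the broad allow precedes it.
SHADOWED = [
    ("GUEST", "any", "any", "allow"),
    ("GUEST", "POS", "any", "deny"),
    ("POS", "DC_VPN", "payment", "allow"),
]

if __name__ == "__main__":
    for name, rules in [("flat", FLAT), ("segmented", SEGMENTED),
                        ("shadowed", SHADOWED)]:
        print(f"{name}: {summarize(rules) or 'no findings'}")
```

Because the audit works on effective flows rather than on the text of individual rules, it also catches a deny rule that looks correct but is shadowed by an earlier, broader allow.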

The SonicWall Next Generation Firewall based security solution provides an integrated approach to addressing all the requirements of a typical retail network. For more information on best practices for securing your retail network, download this white paper.

The Holiday Online Shopping Season is Coming: Is Your Network Prepared?

Now that Halloween is over, it’s time for the holiday online shopping season to kick in, beginning on Black Friday, continuing through Cyber Monday, and finishing up on New Year’s Day. For a lot of people it’s time to start spending money.

When we shop for the holidays many of us like to do it online. The National Retail Federation indicates that more than half of U.S. consumers plan to make at least some of their holiday purchases online this year. Why? Well, we can do it from anywhere at any time. It’s convenient. That includes shopping from work.

What does it mean to your organization? Well, there’s a good chance your employees will spend some of their work time shopping online over the next six weeks. Is that a potential problem? If you consider the security of your network, the productivity of your employees and the use of network bandwidth important to your organization, then the answer is yes, and here’s why.

Online shopping at work introduces security risks. For example, employees may inadvertently create opportunities for malicious attacks directed at your organization. An “attack or threat vector” is the means a hacker uses to gain access to one or more systems or servers on your network. Through the attack vector, the hacker can compromise systems on your network and deliver a malicious payload, the most common being a virus, worm, trojan or spyware. A common threat vector around the holidays is phishing. Phishing is an email fraud method in which the perpetrator sends out a legitimate-looking email instructing recipients to go to the fake website of a reputable business such as FedEx or UPS. The site will attempt to collect personal information such as the user’s name, passwords, social security number and credit card details. Another attack vector you may come across is “malvertising,” or “malicious advertising,” which is a threat that uses online advertising to spread malware. The malware can then capture information from an infected machine, or send probes around the network to find servers and other systems that can be compromised.

The security of your network isn’t the only issue your organization faces during the holiday buying season. Employees are exercising more freedom for personal activities such as online shopping during work hours. This is concerning. Why? Well, they’re shopping on company time so they’re not as productive and it’s likely they’re connecting to sites through the corporate network which could lead to a security risk as well as a misappropriation of valuable bandwidth.

Speaking of your bandwidth, there’s the question of how it’s being used. With likely over half of your employees shopping online at some point during the holidays, the bandwidth available to critical applications on your network is going to disappear. Therefore, it’s critical to prevent vital bandwidth from being consumed by non-productive web use such as online shopping, streaming music and watching HD videos which can all have a negative impact on network performance if left unchecked.

What can you do to secure your network, improve employee productivity and get the most out of your bandwidth during the holiday online shopping season? Here are a few tips:

  • Get a next-generation firewall. If you don’t have one already, next-generation firewalls secure inbound and outbound traffic from threats, provide you the tools to determine which websites your employees can and can’t access (hint – online shopping sites) and allow you to identify and control the apps used on your network and how much bandwidth you want to allocate to them. Not only that, with more websites moving to SSL encryption, it’s important that the next-generation firewall be able to decrypt and inspect encrypted traffic for threats.
  • Help your employees learn how to avoid malvertising and recognize phishing emails. Be alert for suspicious emails and links to unknown websites.
  • Educate employees to use different passwords for every account and establish policies for strong passwords.
  • Many attacks are based on known vulnerabilities in recognized browsers, as well as in plug-ins and common apps. Therefore it’s critical to apply updates and patches promptly and reliably.
  • It’s a good idea to use tools that allow IT managers to monitor the use of network applications. It’s called “Application Intelligence” and it can help you determine if anyone is violating company policies or simply visiting sites that have no business purpose such as online shopping.

SonicWall offers a complete range of industry-leading next-generation firewalls, including the NSA Series, that integrate numerous advanced features for deep packet inspection such as Anti-Malware, Intrusion Prevention, Application Intelligence and Control, Content and URL Filtering and SSL Decryption and Inspection.

Take Control of Your Network During the Holiday Shopping Season

It’s the holiday season and that means we’re all busy with fun activities. Take online shopping for example. Many of us will do it between Black Friday and New Year’s, even for just a little while. Some of us do it at work. When employees spend time shopping online during work hours it presents challenges for any organization. Perhaps the three biggest challenges are network security, employee productivity and bandwidth consumption.

How popular is online shopping? Last year, data from the National Retail Federation (NRF) revealed that retail holiday buying increased 4.1% to just over $600 billion. Much of that shopping was done online. This year the NRF is forecasting retail sales of $630 billion, up 3.7% over 2014. According to an NRF survey almost half of all holiday shopping, whether it’s making a purchase or merely browsing, will again be done online this year. Let’s take a look at the impact this has on organizations and the steps you can take to overcome the challenges online shopping poses.

Network security

  • Malware – Employees who shop online at work inadvertently create opportunities for malicious attacks directed at your network and your organization. The most common threats are viruses, worms, Trojans and spyware.
  • Phishing – Phishing is an email fraud method in which the perpetrator sends out a legitimate-looking email in an attempt to gather personal and financial information from unsuspecting recipients.
  • Malicious advertising – Commonly referred to as “malvertising,” this threat uses online advertising to spread malware which can then capture information such as credit card and social security numbers from infected machines.

Employee productivity

  • The big drain – With workers bringing their own smartphones and tablets into the office, we’re seeing an increased blurring of the line between work life and personal life as employees exercise more freedom to use these devices for personal activities such as online shopping during work hours. When they’re shopping on company time it means they’re not working so their productivity has decreased.

Bandwidth consumption

  • Disappearing bandwidth – With about half of your employees shopping online during the holidays, the bandwidth available to critical applications on your network is going to disappear. Therefore, it’s critical to prevent vital bandwidth from being consumed by non-productive web use.

While you can’t completely eliminate threats to your network, drops in productivity and misuse of valuable bandwidth, there are measures you can take that are well within the reach of your organization simply by practicing good digital hygiene. Here are five things your organization can do to reduce the risks of a successful attack while maintaining productivity levels and conserving bandwidth.

  1. Help employees learn how to avoid malvertising and recognize phishing emails. Be on the lookout for suspicious emails and links, especially those requesting sensitive information.
  2. Educate employees to use different passwords for every account. Establish policies for strong passwords such as guidelines regarding password length, the use of special characters and periodic expiration, and reduce the number of passwords through single sign-on.
  3. Because many attacks are based on known vulnerabilities in browsers including Internet Explorer, as well as in plug-ins and common apps, it’s critical to apply updates and patches promptly and reliably. They will contain fixes that can block exploits.
  4. Make sure you install an intrusion prevention system and gateway anti-malware technology on your network. They add important layers of protection by blocking Trojans, viruses, and other malware before they reach the company network. They can also detect and block communications between malware inside the network and the cybercriminal’s server on the outside.
  5. Take back control of your network by limiting the use of your bandwidth to business-related activities. There are several technologies available such as content and URL filtering that can be used to prevent employees from visiting websites dedicated to shopping and other non-productive topics. Also, application control provides the tools to restrict the use of applications such as social media to employees who have a business reason to use them.

SonicWall offers a complete range of industry-leading next-generation firewalls that secure your network from threats and give you the controls to keep employee productivity high and bandwidth focused on business-critical applications. To learn more about how these solutions can help you during the holiday shopping season and beyond, please visit our website.

Six CyberSecurity Tips for the Holiday Season

The holiday shopping season is also a big season for cyber-criminals to breach high-traffic retailers. Forecasting from trends I have seen over the past 18 months, here are six security tips on how to protect your retail business. These often-overlooked recommendations are not limited to the holiday season, and you can implement them at any time:

1. Know what is connected to your network. Do you allow employees to use their personal devices to connect to your network? A favored penetration path is through unprotected devices that come on the network. First off, insist that everyone has current antivirus software loaded on their devices. Moreover, use a firewall that knows what is on your network, can enforce which applications people can access, and provides a high level of granularity to restrict access to non-productive applications (or sub-applications, such as games on Facebook).

2. Update your software. During 2015, numerous security updates were pushed to customers of browsers, operating systems, plug-ins and applications. Software updates are often overlooked during the year, and skipping them gives cyber-criminals the easiest way to compromise your network, commonly through outdated applications. This drafty window into your business can be easily shut. Before the holiday season gets under way, have your PC users spend an hour at the end of the day to update software (it often requires a reboot) and make sure your apps (especially Java) are up to date. Encourage users to do this monthly; insist on it quarterly.

3. Change your passwords. While you may not have been enforcing a change in passwords to access your network on a regular basis, it is a fast and easy way to close the door on insider-initiated breaches. Over the past year, employees have come and gone. Changing the password provides an opportunity to start out fresh. But now the problem becomes remembering the new password. One technique is to use a personally memorable passphrase that only you would know. If you feel you must write the password down, secure it in a locked drawer with limited access. You might be surprised how many make the dangerous mistake of writing it down on a sticky note placed on a computer.

4. Prepare for ransomware. Going by recent trends, there is an increasing chance that someone will get into your system, encrypt your data and bring your business to a halt unless you pay a ransom. Be ready. Make a backup daily (start today), and test regularly to make sure that you can easily recover your data off the network. If you do get hit, you then have a baseline to go back to, so you can keep your business going.

5. Secure your WiFi. WiFi can improve shopper experience and help retain customers. But do you know if your WiFi is secure? Is your wireless circuit set up to isolate your business traffic from your guest traffic? If not, consider turning off WiFi until it is secured. It is too easy to compromise a network through an insecure WiFi connection.

6. Isolate your POS. Speaking of isolation, make sure your POS system is isolated from the rest of your network traffic. That way, you close another door on cyber-thieves.

There is plenty more that can be done, but the holiday season may preclude additional immediate activities. My recommendation is to set a date after the holidays to review your security position and plan for improvements in 2016. Ask others who operate retail stores what they are doing. Or talk to a security specialist like those we have at SonicWall. They can help you build a roadmap to better security.

If you want to learn more about how to protect yourself from threats that have emerged as the internet grows, I encourage you to read our ebook: “How to prevent security breaches in your retail network.” It goes deeper into retail security and will help you to become savvier when you evaluate your security posture.

How Safe is Your Network Security in Your Retail Store

Let me ask you a question. How safe is your security position in your retail store? If you lock your doors and windows, then why not lock your network as well? Locking down your network does not mean you are slowing it down for legitimate use but rather hardening it against attacks. Now might be the time to take a look at how you are being protected. You may have an outside security provider you are working with, you may have someone on your staff who does this or you may be doing it yourself. In any event, starting the conversation with a security advisor and knowing the answers to these questions may give you the information to better understand the extent to which you are protected. Knowing about security is becoming as important as knowing accounting.

So, why are retail establishments such great targets for cybercriminals?

Your assets. Cybercriminals target your bank account because it is often protected behind flimsy safeguards. If you are doing your banking over the internet, you may need to consider additional defense measures to protect the information coming into and going out of your network.

Your customers. Customer credit card data continues to be a valuable commodity for cybercriminals to sell to others who commit credit card scams. The trend of millions of credit cards being stolen annually is going to continue until proper security measures are in place. Expect an increase in point of sale (POS) attacks as criminals try to get in before new chip and pin technology is adopted later this year.

Your employees. Employee information is quite valuable in compromising individuals as well as possibly providing an entry into the individual’s network of friends and family. Knowing employee information allows criminals to impersonate an employee to gain access to your network.

Your partners. You might be doing business with larger enterprise customers. Compromising your network may be an effective way to gain entry into the networks of your enterprise partners. The Target breach came as a result of a compromised partner with access to Target’s network. Expect your partners to be asking about how they are being protected.

Many smaller and regional retail establishments consider a firewall as an “install it and forget it” product. Cybercriminals are constantly improving their game to come up with new ways to take your money. Because of the dynamic nature of the threat surface, your security posture should also be dynamic. Asking questions is a great first step in starting your security conversation.

What questions should you be asking about your network security that will help you reduce your vulnerability to attack?

  1. How old is your firewall? If you’ve been using it for more than three years, you may not be keeping up with the technology necessary to keep out cybercriminals.
  2. Does your wireless network segment employees from guests? Keeping guest and employee data separate is a keystone of a secure wireless strategy.
  3. When was the last time you paid to renew your network security subscription? If you cannot remember, it might have lapsed leaving your network wide open.
  4. Have you changed your broadband subscription? Sometimes, your broadband speed is upgraded without changing your subscription. Is your firewall able to keep up with the faster speeds?
  5. Do you know if all the security protections are turned on for your network? It is a dirty little secret that someone may be turning off security to maintain or improve network performance. You may consider network performance more important than security; this is an unnecessary tradeoff when you can have both.

If you are answering yes to these questions, you may be vulnerable to a security breach that can cost you time, money, lost customers and your good reputation. The last thing you want is to have your name in the news because of a network security breach. Security is more than a requirement. By hardening your security posture, you can avoid the downside and turn security into a competitive advantage. “Safe surfing” may well be as valuable to your customers as discounted products.

There are many moving parts to consider when evaluating your security posture. Because no silver bullet exists, the best defense is one of several layers. If you want to understand security better and learn how you can develop a security blueprint for your business, I encourage you to download the white paper “How to prevent security breaches in your retail network.”

Thwart Retail Breaches by Tracing Digital Footprints

In the time it takes you to read this blog, you will have been cyberattacked over five times. That’s the average number of intrusions that the SonicWall Global Response Intelligent Defense (GRID) network detects on each of its one million firewalls every two minutes, 24 hours a day, 365 days a year. It doesn’t matter whether you are a Fortune 100 company or a small business; the chances are that your Internet doorway is under attack more than your brick and mortar doorway.

How do these cybercriminals conduct their nefarious acts? Our forensic analysis of high-profile retail breaches reveals that attackers employ multi-vector attacks: a sophisticated series of methodical strikes against specific targets to reach their goal of stealing financial or personal information. These vectors may start with a phishing email to lure victims to a legitimate website that has been compromised. The website may have a “watering hole,” a link that appears to be trustworthy, but contains an exploit that infects the target through a vulnerability in the victim’s browser. Once infected, the exploit contacts a malware server to download more malicious code that worms its way through the network, mapping the location of financial information, and illegally obtaining login credentials to key servers. At this point in your reading, you’ve been attacked three times, perhaps by some of the methods above.

What can you do to protect yourself? Start by employing a next-generation firewall (NGFW). Just as the attacks are multi-vector, NGFWs offer a multi-layered defense: anti-virus, anti-spyware, anti-spam, intrusion prevention, malware prevention, application intelligence and control, web content filtering, and SSL decryption and inspection. SonicWall’s next-generation firewalls provide this protection in real-time, as the SonicWall GRID network proactively updates the firewalls with countermeasures against the latest threats found world-wide.

At this point in your reading, you’ve been attacked four times. How would you know? Enter security reporting solutions like the SonicWall Global Management System (GMS) and the SonicWall Analyzer. Both of these solutions provide over 60 pre-defined reports and an unlimited number of customizable reports. These reports are easy-to-understand charts and tables that expose the names of the attacks (or “threat signatures”), the targeted users, machines, and their IP addresses, what countries/IP addresses the attackers originate from, websites detected/blocked, and applications detected/blocked. These reports provide the proof of compliance for regulations, such as those required to pass PCI audits. Moreover, these reports give network security administrators the data they need to read the digital footprints and design the optimal balance between locked-down security and the free flow of information needed for efficient business operations.

Congratulations, you’ve reached the end of this blog and have now been attacked for the fifth time. Don’t hesitate; download this white paper on how to better protect your retail network before the next attack happens.

POS Attacks Persist: Top 5 Defense Strategies to Protect Retail Networks

No one needs reminding that 2014 was one of the most profitable years for cyber-criminals. The timeline graphic below takes us down memory lane to what happened to large retailers such as Target, Home Depot and others. Despite efforts to comply with the Payment Card Industry Data Security Standard (PCI-DSS) and other security measures for protecting electronic transactions and consumer data, U.S.-based retailers were hit hard by data breaches last year. Stores continued to be soft targets not just because they were easy victims per se but, more profoundly, because of the availability of good and effective hacking tools and techniques that cyber-criminals used to successfully attack and compromise payment card infrastructures.

Although alarming retail breach headlines have been relatively quiet so far in 2015, the bad news is that POS attacks resumed where they left off in 2014. The SonicWall Security Threat Research team has been busy developing countermeasures to defeat newer forms of POS malware that have been found actively spreading in the wild. This is a noticeable development that carried over from the previous year. Cyber-criminals are obviously investing more in the malware economy and in research and development efforts to create smarter methods of attack that do greater harm. This is in line with the prediction in the Threat Research team’s 2015 Annual Threat Report that more sophisticated POS malware variants are expected and additional attacks will target payment infrastructures throughout 2015, especially smaller regional chains that are more susceptible to attacks.

SonicWall Security researchers have already developed countermeasures to block several POS bot families including:

  1. Punkey: this Trojan was discovered in April 2015 and has versions for both 32-bit and 64-bit Windows-based POS terminals. Punkey is particularly dangerous because it can not only record payment card data while it is being processed but also install a keylogger to capture what employees type on systems, including the card verification value (CVV) during a transaction.
  2. NewPosThings.C: this Trojan was also uncovered in April of 2015. NewPosThings.C adds system files and Windows registry keys so that it persists across reboots. It also searches the registry for VNC passwords, scans system memory to gather credit card track data, periodically checks whether data is available for transfer to its command and control (C&C) server, and sends credit card information in Base64 format to avoid detection.
  3. PoSeidon and POS.UCC: these Trojans were detected in March and February of 2015 respectively. Both exhibit behaviors similar to those described for the NewPosThings.C Trojan.
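
A defender-side check for the Base64 behavior described for NewPosThings.C, as an added example that is not SonicWall's code or signature: it decodes Base64 runs in an outbound payload and flags any that contain Luhn-valid Track 1 or Track 2 data. The function names, the POST body layout and the test card number are constructed for illustration.

```python
import base64
import binascii
import re

# Delimited runs of Base64 text long enough to carry a Track 2 record.
B64_RUN = re.compile(rb"[A-Za-z0-9+/]{24,}")
# Track 1: %B<PAN>^<name>^<YYMM>...   Track 2: ;<PAN>=<YYMM>...
TRACKS = {
    "track1": re.compile(rb"%B(\d{13,19})\^[^^]{2,26}\^\d{4}"),
    "track2": re.compile(rb";(\d{13,19})=\d{4}"),
}


def luhn_ok(pan: bytes) -> bool:
    """Luhn checksum; filters out digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = ch - ord("0")
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0


def mask(pan: bytes) -> str:
    """Keep the first six and last four digits so alerts never hold a full PAN."""
    s = pan.decode()
    return s[:6] + "*" * (len(s) - 10) + s[-4:]


def find_track_data(payload: bytes) -> list:
    """Decode each Base64 run in payload; return (track, masked PAN) hits."""
    hits = []
    for m in B64_RUN.finditer(payload):
        blob = m.group(0)
        blob += b"=" * (-len(blob) % 4)  # restore padding the regex left out
        try:
            decoded = base64.b64decode(blob, validate=True)
        except (binascii.Error, ValueError):
            continue  # not Base64 after all
        for name, rx in TRACKS.items():
            hits += [(name, mask(t.group(1))) for t in rx.finditer(decoded)
                     if luhn_ok(t.group(1))]
    return hits


# Constructed sample: a test PAN (4111 1111 1111 1111) in a made-up POST body.
SAMPLE_TRACK2 = b";4111111111111111=25121010000000000000?"
SAMPLE_BODY = b"id=POS01&data=" + base64.b64encode(SAMPLE_TRACK2)

if __name__ == "__main__":
    print(find_track_data(SAMPLE_BODY))
```

The Luhn check keeps ordinary Base64 content such as images or session tokens from raising alerts, and the masking keeps the detector's own output from becoming a second store of cardholder data.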

If you are in retail and still nervous about whether or not you have the proper security measures in place to protect your retail network, SonicWall Security recommends the following five key defense strategies to secure your payment card infrastructure.

  1. Traditional POS applications run on terminals connected to a central computer. Often, the operating system (OS) of this central computer is not kept updated, which can make the POS system as a whole highly vulnerable. It’s important to keep the OS patched and all software updated continually.
  2. Restrict activity on terminals to POS-related activities only (no web browsing): permit data from the POS system to pass to another trusted server on a different secured network for payment processing, and prevent it from going anywhere else. To do this, keep the POS system isolated from the rest of the network. Separate groups and zones, and make sure POS systems can communicate only with valid IP addresses. Communication between these systems should also be controlled and sanctioned only by the firewall via access control lists (ACLs), to keep attackers who have gained network access from penetrating further and to prevent them from siphoning data off to their own servers.
  3. Install a capable next-generation firewall with an integrated intrusion prevention system (IPS) and SSL decryption between network segments and in the B2B portal to inspect all network traffic, including encrypted connections, and protect the network from internal and external attacks.
  4. Adopt a security policy that trusts nothing (networks, resources, etc.) and no one (vendors, franchisees, internal personnel, etc.), and then add explicit exceptions.
  5. Make security training a significant part of employee onboarding and ongoing communications. SonicWall’s recent Global Technology Adoption Index (GTAI) showed that employee security training is lacking in all industries, including retail. An astounding 56% of companies admit that not all of their employees are aware of security rules.
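
Strategies 2 and 4 amount to a default-deny policy around the POS zone with a short list of explicit exceptions. The example below, added here and not SonicWall configuration, audits flow records against such a policy; every address, port and the management host in it is hypothetical.

```python
import ipaddress

# Hypothetical addressing plan, constructed for this example.
POS_ZONE = ipaddress.ip_network("10.20.0.0/24")
PAYMENT = ipaddress.ip_network("10.30.0.10/32")   # trusted payment server
DNS = ipaddress.ip_network("10.30.0.53/32")       # internal resolver
MGMT = ipaddress.ip_network("10.50.0.7/32")       # patch/management host

# Explicit exceptions: (source net, destination net, protocol, destination port).
# Anything touching the POS zone that matches none of these is denied.
RULES = [
    (POS_ZONE, PAYMENT, "tcp", 443),
    (POS_ZONE, DNS, "udp", 53),
    (MGMT, POS_ZONE, "tcp", 8443),
]


def allowed(flow) -> bool:
    """True when the flow matches one of the explicit exceptions."""
    src, dst, proto, port = flow
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    return any(s in sn and d in dn and proto == p and port == pt
               for sn, dn, p, pt in RULES)


def audit(flows) -> list:
    """Return flows that enter, leave or cross the POS zone without a rule."""
    violations = []
    for flow in flows:
        src, dst = ipaddress.ip_address(flow[0]), ipaddress.ip_address(flow[1])
        if (src in POS_ZONE or dst in POS_ZONE) and not allowed(flow):
            violations.append(flow)
    return violations


# Constructed flow records: (source, destination, protocol, destination port).
SAMPLE_FLOWS = [
    ("10.20.0.11", "10.30.0.10", "tcp", 443),    # terminal to payment server
    ("10.20.0.11", "10.30.0.53", "udp", 53),     # terminal to internal DNS
    ("10.50.0.7", "10.20.0.11", "tcp", 8443),    # management host to terminal
    ("10.20.0.12", "203.0.113.80", "tcp", 80),   # web browsing from a terminal
    ("10.20.0.12", "10.30.0.10", "tcp", 3389),   # right server, wrong service
    ("10.20.0.12", "10.20.0.11", "tcp", 445),    # terminal-to-terminal traffic
    ("10.40.0.5", "10.20.0.11", "tcp", 445),     # office PC reaching into POS
    ("10.40.0.5", "203.0.113.80", "tcp", 443),   # office PC, outside POS scope
]

if __name__ == "__main__":
    for v in audit(SAMPLE_FLOWS):
        print("no rule permits:", v)
```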

Download this exclusive white paper for additional guidelines on how you can protect your retail network.