Retail POS Fraud: The Rising Challenge


I have a confession: I. Love. Shopping.

Recently, I had to return few items that I ordered online from one of America’s premium designer stores. I expected this to be a pain-free and smooth experience, but I had to wait for half an hour for the sales rep to complete the process.

While I was waiting impatiently — thinking of what to do next — I heard the sales rep complaining about the speed and age of their systems. Coming from a cyber security background, this made me think how easy it would be for threat actors to breach old, outdated systems.

If your systems are not updated and maintained correctly and consistently, you will be an easy target for cybercriminals. Not only will you compromise your data, you could put your customers’ information at risk, too. If you are relying on outdated systems, time’s up. Let go of all the old infrastructure and focus on building a network with security in mind.

Cyberattacks Against the Retail Industry

It does not matter if you are a small retail chain or a global corporation, hackers will target your data. According to a recent study conducted by Ponemon Institute in 2017, SMBs are huge target for hackers. Our most recent infographic shows that, on average, $1.2 million were spent by SMBs due to disruption to normal activities. Some 61 percent of SMBs experienced a cyberattacks in the last 12 months.

I can’t stress this enough: in this day and age, it is critical to secure your data as well as your customers’. You have a duty to protect their data and privacy, so incidents like the Facebook data leak do not happen to your organization or store.

How Retailers Can Protect Customer Data

So, how do you ensure that your data, and your customers’, is secure?

Installing next-generation firewalls and enabling DPI-SSL to inspect your encrypted traffic will help eliminate majority of the cyberattacks. But, hackers are re-tooling and finding new ways and means of attacking your infrastructure.

An example of a vulnerability is a memory attack, like Meltdown. These memory exploits leverage old point-of-sale (POS) system that are easy targets. Until recently, there were no solutions that could detect memory-based attacks.

SonicWall took on this challenge and invented Real-Time Deep Memory Inspection (RTDMITM). SonicWall’s patent-pending RTDMI technology detects and blocks malware that does not exhibit any malicious behavior or hides its weaponry via encryption. RTDMI is part of SonicWall Capture Advanced Threat Protection (ATP), a cloud-based, multi-engine sandbox designed to discover and stop unknown, zero-day attacks, such as ransomware, at the gateway with automated remediation.

Why RTDMI Is Critical

To discover packed malware code that has been compressed to avoid detection, the RTDMI engine allows the malware to reveal itself by unpacking its compressed code in memory in a secure sandbox environment. It sees what code sequences are found within and compares it to what it has already seen.

Identifying malicious code in memory is more precise than trying to differentiate between malware system behavior and clean program system behavior, which is an approach used by some other analysis techniques.

Besides being highly accurate, RTDMI also improves sample analysis time. Since it can detect malicious code or data in memory in real time during execution, no malicious system behavior is necessary for detection. The presence of malicious code can be identified prior to any malicious behavior taking place, thereby rendering a quicker verdict.

Upon detailed analysis, SonicWall Capture Labs threat researchers discovered that RTDMI had the ability to stop new forms of malware trying to exploit the Meltdown vulnerability. The RTDMI engine’s CPU-level intrusion detection granularity (unlike typical behavior-based systems, which have only API/system call-level granularity) is what allows RTDMI to detect malware variants that contain exploit code targeting Meltdown vulnerability.

By forcing malware to reveal its weaponry in memory, where weaponry is exposed for less than 100 nanoseconds, the RTDMI engine proactively detects and blocks mass-market, zero-day threats and unknown malware with a very low false positive rate.

Capture ATP & Retail

With Capture ATP and RTDMI, you should see a significant improvement in detection rates when analyzing files on a larger scale. Best part? This technology is available within Capture ATP at no added cost to you.

This solution is definitely a big win for the security industry. Leverage technologies like the Capture ATP sandbox with RTDMI to protect your retail stores from advanced threats, so that you can focus more on your business and fear less about security.

To learn more, explore SonicWall’s retail security solutions.


SonicWall Staff