POS - Bluebird Global

Dell Finds Dramatic Increase in Threats to the POS and Online Commerce

April 15, 2015         By: Kevin Xu

Dell’s Annual Threat Report has found that both online and offline commerce is increasingly under threat.

The point-of-sale faced a startlingly large amount of new strains of malware. Dell’s SonicWall, a provider of dynamic security solutions, created 13 malware signatures to combat threats at the point-of-sale, in comparison to just three signatures in 2013.

A disproportionate amount of malware attacks successfully hit United States retailers and businesses in 2014, likely owing to the new tactics that fraudsters are deploying, which include encryption to mask malware from network firewalls and memory scraping.

John Gordineer, Director of Product Marketing at Dell Security, said “Often, the operating system (OS) of either POS terminals or centralized POS computers are not kept updated, which can make the POS system as a whole highly vulnerable. It’s important to keep all operating systems patched and all software updated. Then, keep the POS system isolated from the rest of the network. Make sure POS systems can only communicate with valid IP addresses, so attackers cannot siphon data off to their own servers.”

On the online side of things, a move towards the more secure HTTPS protocol should mean greater protection for online transactions, such as filling in and transmitting credit card information when buying on a website.

HTTPS traffic more than doubled from 2014 to 2015, and online companies such as Facebook and Google are using it to secure web traffic.

However, Dell’s research found hackers could exploit HTTPS to hide malicious code, potentially breaching the privacy and security of online customers. Hackers could use an HTTPS connection (which is encrypted and usually not parsed by firewalls) and gain the ability to upload malware.

Gordineer adds, “It’s critical to ensure sure that you don’t skimp on the basics. New platforms and channels do not replace the old ones – they add to them, and the old security best practices do not go away. As a result, there are important, key security best practices to consider. Think about how to truly protect your data from attackers, not just how to meet compliance regulations. Retail is the only industry in which companies are devoting more financial resources to compliance-related security concerns than to hacker-related concerns. This could explain why companies like Target (and its HVAC vendor, through whom the attack was deployed) sometimes have compliant technology in place, but do not have adequate processes in place for addressing threats.”