According to the Identity Theft Resource Center, over 500 data breaches have been reported in the United States this year, showing an increase of 27.5 percent over the same period last year.
At the same time, electronic payments have started to outnumber cash transactions, and hackers have taken notice – with an increased number of point-of-sale (POS) system breaches making the headlines. Recent POS hacks, like those on Home Depot and Target, were likely enabled, in part, by systems that were not properly protected against known vulnerabilities, giving attackers an easy way in.
In this slideshow, Russ Spitler, vice president of product management at AlienVault, discusses the step-by-step analysis from the perspective of a hacker and what he or she would have to do to breach a POS system.
AlienVault is a leading provider of unified security management and crowd-sourced threat intelligence. Its products are designed and priced to ensure that mid-market organizations can effectively defend themselves against today’s advanced threats.
Hacking a POS System
Click through for a step-by-step analysis of how a hacker goes about breaching a point-of-sale (POS) system, as identified by Russ Spitler, vice president of product management at AlienVault.
Launch a Broad-Based Attack
Launch a broad-based attack against a known vulnerability using a watering hole.
In the case of Home Depot, this was most likely done by a group of hackers that specialize in compromising machines and distributing malware. With watering hole attacks, the most common technique is to compromise popular websites and install what is called an ‘exploit kit,’ which targets known vulnerabilities in the browsers and systems of the users browsing to the compromised website.
Run a First-Level Analysis
Do first-level analysis of the compromised systems.
The hackers will then look at what types of machines they’ve gained access to, what software is installed, what their IP addresses are, and what email addresses are being used. This analysis is done to see what assets have been brought in by the ‘net’ of the broad-based attack.
Identify Viable Targets
Identify viable targets for a breach.
After determining what assets they have obtained, hackers will likely then move to see whether there are any viable targets in their catch – that is, whether they gained data from any major or minor retailers during the attack.
They will then typically pick the biggest retailer and start working toward their objectives – compromising the corresponding POS terminals.
Pivot Your Attack
Pivot your attack within the corporate network.
From the initial point of compromise via the broad-based attack, the hackers will attempt to pivot within the corporate network, performing reconnaissance to identify the machines and systems they can reach and then acting on them.
Target Known Vulnerabilities
Systematically move on your objectives.
Once inside the network, hackers will attempt to identify ways to access the POS terminals. In the Target scenario, it was a relatively open network, so this was a very simple task. Either way, once the POS terminals are identified, hackers will target a known vulnerability in the system and install the memory-scraping malware that harvests credit card information.
Exfiltrate the Harvested Data
Exfiltrate the stolen data.
The critical last step in typical POS system breaches requires hackers to move the harvested credit card information back from the POS terminals to a location of their choosing. Again, in the Target scenario, this was an FTP server in Eastern Europe, from which the data then became available on the black market.
Mitigating Attacks
Identify and defend.
To keep your personal data from ending up on the black market, it helps to know the security technologies enterprises are deploying and the techniques they use to mitigate the increasing number of attacks. As we saw in the financial industry, threat intelligence sharing is one key component for being alerted to attacks and staying ahead of them. If more companies widely share the threat data they have, it is likely to help prevent hackers from breaching a system and exposing your personal data.
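As an added, defender-side example (not from the article and not AlienVault's product code), the script below applies the exfiltration step and the threat-intelligence point above to constructed flow logs: it flags outbound FTP from the POS segment to non-corporate addresses, large uploads on those connections, and destinations that appear on a shared indicator list. The POS subnet, the log format, every address and the indicator list are assumptions made up for illustration.

```python
# Added example (not from the article): flag outbound FTP from the POS segment
# to external hosts and match destinations against a shared threat-intel list.
# All subnets, addresses and log lines below are constructed for illustration.
from ipaddress import ip_address, ip_network

POS_SEGMENT = ip_network("10.50.0.0/16")            # assumed POS terminal subnet
INTERNAL_NETS = [ip_network("10.0.0.0/8"),          # assumed corporate ranges
                 ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]
FTP_PORTS = {20, 21}                                # FTP data / control
LARGE_UPLOAD = 10_000_000                           # bytes; tune per environment
# Indicators a peer organisation might share (constructed sample, not real IoCs)
SHARED_INDICATORS = {"203.0.113.45"}

# Constructed flow log lines: src dst dport bytes_out
SAMPLE_FLOWS = """\
10.50.3.17 10.10.0.5 443 1200
10.50.3.17 203.0.113.45 21 48213000
10.50.7.22 198.51.100.9 21 5120
10.20.1.4 203.0.113.45 21 2048
10.50.3.17 10.50.0.1 53 300
"""

def parse_flow(line):
    src, dst, port, nbytes = line.split()
    return ip_address(src), ip_address(dst), int(port), int(nbytes)

def classify(flow):
    """Return the reasons this flow is suspicious (empty list if none)."""
    src, dst, port, nbytes = flow
    reasons = []
    external = not any(dst in net for net in INTERNAL_NETS)
    if src in POS_SEGMENT and port in FTP_PORTS and external:
        reasons.append("pos-external-ftp")
        if nbytes > LARGE_UPLOAD:
            reasons.append("large-upload")
    if str(dst) in SHARED_INDICATORS:
        reasons.append("threat-intel-match")
    return reasons

def find_suspicious(log_text):
    """Map 'src->dst:port' to its reasons for every flow that raised one."""
    hits = {}
    for line in log_text.splitlines():
        if line.strip():
            flow = parse_flow(line)
            reasons = classify(flow)
            if reasons:
                hits[f"{flow[0]}->{flow[1]}:{flow[2]}"] = reasons
    return hits

if __name__ == "__main__":
    for key, reasons in find_suspicious(SAMPLE_FLOWS).items():
        print(key, ", ".join(reasons))
```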