Despite Drop In Frequency, PoS Data Breaches are Still a Threat

In 2014, point-of-sale (PoS) data breaches against mainstream retail stores like Target and the Home Depot were primary talking points in cybersecurity. In 2016, PoS data breaches haven’t garnered as much attention, with threats like ransomware and more sophisticated phishing attacks taking up the mantle of the leading concerns in cybersecurity.

Over the last two years, the amount of chatter around PoS breaches has dropped dramatically.

[Chart: Point-of-sale chatter]
The chart above shows all PoS-related CyberFacts from June 2014 – May 2016. Outside of a rise in CyberFacts starting in October 2015, the amount of chatter concerning PoS breaches has remained low.

PoS breaches still occur, but both the frequency of attacks and the targets have changed. In 2014, department stores were impacted the most by PoS data breaches. Since that time, cybercriminals have turned their attention towards hotels, restaurants and bars. In many instances, a hotel had an associated restaurant or bar’s payment system compromised. The payment card breach against Starwood properties is one example of this activity.

[Chart: PoS chatter by group]
Cybercriminals have shifted to new targets with regard to PoS breaches. While Department Stores were a top trending target in 2014, cybercriminals have since shifted their efforts to breaching PoS systems at Hotels, Motels and Cruise Lines.

New EMV Standards Having an Impact on PoS Cybercrime

Back in October 2015, the United States implemented new EMV standards aimed at protecting against PoS cybercrime. Many big retail stores have adopted the technology, which has helped reduce the number of payment card cyber-attacks against them.

There have been well-documented problems so far with EMV, from customers not having access to chip-enabled cards to retailers offering customers the option to swipe their card rather than forcing them to use the Chip-and-PIN technology. Perhaps the biggest problem with the EMV shift is the number of retail companies that simply do not offer customers payment terminals that accept the new Chip-and-PIN cards.

Despite the problems, EMV has positively impacted PoS cybercrime. However, due to the increased security, cybercriminals are turning their attention to other, more lucrative attack vectors. In 2016, phishing and ransomware attacks have both trended highly.

Latest PoS Data Breaches and Malware

However, cybercriminals haven’t completely turned away from attacking payment terminals. To date, SurfWatch Labs has collected information on 23 industry targets related to PoS data breaches.

In what is probably the most recent of those breaches, security researcher Brian Krebs has reported fraudulent activity involving the Texas-based restaurant chain CiCi’s Pizza. In this event, a cybercriminal posed as a “technical support specialist” for the company’s PoS provider, which allowed access to payment card data. This social engineering technique is one way cybercriminals can circumvent EMV (assuming CiCi’s Pizza utilized these payment terminals).

The old-fashioned malware attack vector is still being utilized as well to conduct attacks on PoS systems. New variants are still being created and continue to evolve. Some of the latest PoS malware families to make headlines include:

  • TreasureHunt PoS
  • AbaddonPOS
  • Multigrain
  • FighterPOS
  • FastPOS

With EMV implementation taking place at new retail locations daily, the number of PoS-related data breaches is bound to decrease. Protecting customers at the point of physical payment is paramount to retail operations, but organizations can do more. Social engineering and phishing attempts are among the biggest threats facing organizations today, and Chip-and-PIN won’t protect against this threat. Deploying physical security features like firewalls is obviously important, but educating employees about phishing and social engineering tactics is arguably just as important a cybersecurity strategy.