Assume a scenario where hackers gained access, through malware on Point-of-Sale (POS) systems, to the information of more than a million credit and debit cards. The firewall had captured the first malware code and an alert was issued, which was ignored. The hackers started downloading the collected data. The cyber criminals hacked the system to gain credit and debit card information.
1. Explain in your own words what happened in the above discussed data breach. [5 Marks]
2. Identify and explain the type of attack experienced in the above scenario. [2 Marks]
3. The stolen credentials alone are not enough to access the company’s POS devices. What other means could the hackers acquire to allow them to navigate the company’s network and deploy the malware? [3 Marks]
4. What would the hackers have done for privilege escalation? [2 Marks]
5. The organization admitted that they ignored many alerts from their network security devices because of alert overload. If you are the organization’s Chief Technical Officer (CTO), what would you do to reduce the problem of alert overload? [3 Marks]
6. The security experts criticize the organization for failing to isolate sensitive sections of their networks from those more easily accessible to outsiders. As a CTO, please propose a feasible solution to segment and categorize your networks and resources. [5 Marks]
Let me explain everything one by one, with examples, from POS to POS malware attacks: how they can be carried out and what the ways to protect against these attacks are. I hope you will like the answer and upvote me for the effort I made.
A Point-Of-Sale (POS) terminal is a computerised version of a cash register. It has the ability to record and track customer orders, process credit and debit cards, connect to other systems in a network, and manage inventory. Most POS terminals contain a personal computer, which stores specific programs and I/O devices relevant to the company it will be used at. For example, a POS system for a restaurant would contain a database of every menu item which can be queried for information. POS terminals are used in most industries that have a “point of sale”, such as retail, restaurants, hotels and museums. POS terminals are also becoming Web-enabled, which makes it possible to manage global operations and inventory.
Point-of-sale Malware (POS Malware) is malicious software specifically designed to steal customer payment data – particularly credit card details – from business checkout systems. Criminals often sell the customer data rather than using it themselves.
There are two methods criminals can use to obtain a store’s customer credit card data:
WHAT IS POS MALWARE?
POS malware is specifically designed for point-of-sale (POS) terminals and systems with the intention of stealing payment card data. It is commonly used by cybercriminals who want to resell stolen customer data from retail stores. Payment card data is encrypted end-to-end and is only decrypted in the random-access memory (RAM) of the device while the payment is processing. A POS malware attack enters through compromised or weakly secured systems and scrapes the RAM to find payment card data, which is then sent unencrypted to the hacker.
HOW DOES POS MALWARE WORK?
POS malware is often called a process scanner by IT professionals because it scans active processes on devices and scrapes anything that could potentially be useful, usually credit card data. It searches for data that matches the Track 1 or Track 2 format encoded in the magnetic stripe of a credit card. This data includes the cardholder’s name, primary account number, charge types permitted, and discretionary data, which can include PINs. The unencrypted data is only available for a very short amount of time when it enters the database on the device. POS malware is designed to instantly acquire the data before it becomes encrypted. Once the malware obtains the data, it sends it to another server where the cybercriminal is able to sort through the data and find credit card numbers. With the payment card data, cybercriminals can sell the information on the dark web or make fraudulent purchases, depending on what was scraped.
Tips for protection
Whilst FraudWatch International does not currently provide protection services against POS Malware attacks, there are plenty of tips we can provide to assist people and companies to stay protected and secure:
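The "What is POS malware?" and "How does POS malware work?" sections above describe the scraper searching process memory for Track 1 / Track 2 formatted data. The following is an added example (not part of the original answer or of the sources it quotes) of exactly that search logic, written the way a DLP or EDR memory scan would implement it to detect the same data a scraper goes after: a regex for each track format plus a Luhn check on the primary account number, so that random digit runs that merely look like a track record are discarded. The memory buffer `SAMPLE_MEMORY` is constructed for the example, and the card numbers in it are standard Luhn-valid test numbers, not real cards.

```python
"""Track 1 / Track 2 scanner of the kind a POS RAM scraper uses, and that a
defender's memory scan uses to find the same data. Added example code, not from
the original page; the buffer below is constructed and the PANs are test numbers."""
import re
from dataclasses import dataclass

# Constructed sample of what a scraper sees in a payment process's memory:
# junk, one Track 1 record, one Track 2 record, and one Track 2-shaped record
# whose PAN fails the Luhn check (a false positive for a pattern-only scanner).
SAMPLE_MEMORY = (
    b"\x00\x00POSAPP.EXE\x00session=9f3a\x00"
    b"%B4111111111111111^DOE/JOHN^25121011000000000000?"
    b"\x00\x00\x00garbage1234567890123\x00"
    b";5500000000000004=2512101123400000000?"
    b"\x00;1234567812345678=2512101?\x00"
)

# Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary>?
TRACK1_RE = re.compile(rb"%B(\d{13,19})\^([^\^]{2,26})\^(\d{4})(\d{3})([^?]*)\?")
# Track 2: ;<PAN>=<YYMM><service code><discretionary>?
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})([^?]*)\?")


@dataclass
class TrackHit:
    track: int
    pan: str
    expiry: str          # YYMM as encoded on the stripe
    service_code: str
    luhn_valid: bool

    @property
    def masked_pan(self) -> str:
        # Keep only the 6-digit BIN and last 4 digits, as a DLP alert would.
        return self.pan[:6] + "*" * (len(self.pan) - 10) + self.pan[-4:]


def luhn_ok(pan: str) -> bool:
    """Luhn check-digit validation; every genuine PAN passes it."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:            # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def scan_buffer(buf: bytes) -> list[TrackHit]:
    """Return every Track 1 / Track 2-shaped record in buf, each Luhn-checked."""
    hits = []
    for m in TRACK1_RE.finditer(buf):
        pan = m.group(1).decode()
        hits.append(TrackHit(1, pan, m.group(3).decode(), m.group(4).decode(), luhn_ok(pan)))
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1).decode()
        hits.append(TrackHit(2, pan, m.group(2).decode(), m.group(3).decode(), luhn_ok(pan)))
    return hits


def confirmed_card_data(buf: bytes) -> list[TrackHit]:
    """What a tuned scanner keeps: pattern match AND Luhn-valid PAN."""
    return [h for h in scan_buffer(buf) if h.luhn_valid]


if __name__ == "__main__":
    for h in scan_buffer(SAMPLE_MEMORY):
        print(f"track{h.track} pan={h.masked_pan} exp={h.expiry} "
              f"svc={h.service_code} luhn={h.luhn_valid}")
```

Running it on the constructed buffer reports three track-shaped records, of which only two survive the Luhn filter; the third is the kind of noise a pattern-only match produces, which is the same tuning problem behind the alert overload raised in question 5. A real memory scan would apply `scan_buffer` to the memory regions of the payment process rather than to an inline byte string.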