So, now that you’re up to speed, here’s a peek at Carbon Black’s recommendations that we stand behind.
Normally, POS and retail/hospitality systems enter the spotlight around the holiday-freeze period in the fall, when systems are stressed and known vulnerabilities are easier to exploit. Summer is an atypical time for POS to be targeted. This shows us that there is still a need for continuous risk measurement and security vigilance.
The attack on a large supply chain is a sign that attackers will seek out vulnerabilities within systems that are indirectly related to the main POS operations. Attackers can then use those vulnerabilities as a conduit to the greater ecosystem. This is quite common with POS attacks.
This latest attack represents a typical way that attackers operate following the path of least resistance. In this case, they picked a different inlet into the data by targeting a vulnerability present in supply chains within large service organizations.
Having all POS customers change their passwords will not necessarily address the root cause of the attack. There may be another way that the attackers are accessing the system and stealing critical data.
Recommendations based on the outcome of this breach:
Apply security control measures via a framework that ensures the controls on all POS systems and infrastructure are effective.
Industries using POS need to bridge the gap between security controls and the frameworks that are used to provide measurable security enforcement. There are basic IT security audit steps that can help security teams measure the posture of security across the organization. Most of the POS systems in question in this attack would probably fall under the influence of the PCI Data Security Standard. PCI DSS is a good baseline standard policy to help get systems in check and provide both risk posture and security control assurance for affected systems. If the principles, security requirements and best practices of PCI policies are being applied and measured correctly, there is better assurance that the systems are protected. The most recent version of the PCI standard, version 3.2, if implemented with current best-of-breed security technology, would have helped with this breach.
Practice “Zero-Trust” where possible.
A “zero-trust” security posture applied to all corporate systems would help with these types of exploits. Large systems, such as the MICROS supply chain, can be very noisy with event information. Systems that focus on what the systems should be doing, rather than analyzing everything, can help prevent similar breaches.
Take advantage of collective defense and protection policy.
In the case of the MICROS breach, there is the underlying problem that malware was able to execute and do “something” for a period of time. The real damage caused may take some time to uncover. If malicious activity can be found sooner in the equation, via a policy that is enforced across all systems and using advanced, next-generation attack analytics on threats, then breaches like these may be less frequent.
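The two recommendations above, focusing on what a POS host should be doing rather than analyzing everything, and enforcing one policy uniformly across all systems so unexpected execution surfaces sooner, amount to a default-deny process allow-list. The following is an added illustration, not code from the Carbon Black post or from any Carbon Black product; the hostnames, executable paths, hashes and the JSON-lines event format are all constructed assumptions.

```python
"""Added example (not from the original post): a default-deny process
allow-list evaluated over constructed endpoint process-start events.
One policy is shared by every host, and only denials are surfaced."""
import json
from dataclasses import dataclass

# Constructed allow-list shared by all POS hosts. Keyed by executable path;
# the value is the expected SHA-256 of that binary. The hashes are
# placeholders, not digests of real files.
ALLOWED = {
    r"C:\POS\pos_terminal.exe": "a" * 64,
    r"C:\Windows\System32\svchost.exe": "b" * 64,
    r"C:\POS\updater\update_agent.exe": "c" * 64,
}


@dataclass
class Verdict:
    host: str
    path: str
    allowed: bool
    reason: str


def evaluate(event: dict) -> Verdict:
    """Default deny: a process is allowed only if its path is on the list
    AND its hash matches. A matching path with a different hash is treated
    as a replaced or trojanized binary, not as allowed."""
    path = event["path"]
    expected = ALLOWED.get(path)
    if expected is None:
        return Verdict(event["host"], path, False, "path not on allow-list")
    if event["sha256"].lower() != expected:
        return Verdict(event["host"], path, False, "hash mismatch for allowed path")
    return Verdict(event["host"], path, True, "allowed")


def triage(lines):
    """Parse JSON-lines process events and return only the denials, so an
    analyst reviews the small set of unexpected executions instead of the
    full, noisy event stream. Malformed lines are skipped."""
    denials = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        verdict = evaluate(event)
        if not verdict.allowed:
            denials.append(verdict)
    return denials


# Constructed sample events, in the shape a host agent might forward them.
SAMPLE_EVENTS = [
    json.dumps({"host": "pos-01", "path": r"C:\POS\pos_terminal.exe", "sha256": "a" * 64}),
    json.dumps({"host": "pos-01", "path": r"C:\Windows\System32\svchost.exe", "sha256": "b" * 64}),
    json.dumps({"host": "pos-02", "path": r"C:\Users\Public\tmp\helper.exe", "sha256": "d" * 64}),
    json.dumps({"host": "pos-03", "path": r"C:\POS\pos_terminal.exe", "sha256": "e" * 64}),
]

if __name__ == "__main__":
    for v in triage(SAMPLE_EVENTS):
        print(f"{v.host}: DENY {v.path} ({v.reason})")
```

Run as-is, the script reports two denials out of four events: an unknown executable on pos-02 and a known path whose hash no longer matches on pos-03. The point of keying the policy on hash as well as path is that an attacker who overwrites an allowed binary in place does not inherit its trust.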
For More Information:
The Cb Endpoint Security Platform is a proven, easy-to-use security and compliance endpoint solution that will grow with you, multiply the effectiveness of existing compliance and security tools, and minimize your organization’s attack surface. Learn more about how Carbon Black can help protect your systems.