How Can A Hacker Breach a POS System?
Data breaches have risen 27.5 percent in the United States this year. One reason for the increase is that electronic payments now outnumber cash transactions. Hackers have taken notice, and the number of POS system breaches making the headlines has grown as a result. Two of the top hacks that made the headlines were Home Depot and Target. The two networks were easy targets because they used outdated network technology, which left them vulnerable.
How Do Hackers Attack a POS and What Do They Look For?
Hackers' first line of attack is a broad-based attack using a watering hole
A group of hackers that specialized in compromising machines and launching malware attacks breached the Home Depot network. The hacker team compromised popular websites and installed an “exploit kit” on each site that targeted browser vulnerabilities, so when users visited those sites their browsers were compromised as well. This form of attack is known as a watering hole attack.
The second phase of the attack is a first-level analysis of the compromised systems
After the initial exploit kit attack, the hackers look at what types of systems they have gained access to. They look at the software installed on each machine and its IP address. They are also interested in the email address of the user. Hackers perform this analysis to see what assets they have caught in the “net” of their broad-based attack.
Hackers now identify all viable targets
After the hackers have reviewed and identified the assets obtained from the first-level attack, they search their catch for all viable targets, looking for any major or minor retailers. They then select the biggest retailer in the catch and start working towards their objective: how can they compromise the corresponding POS terminals?
Hackers now plan and pivot their attack
After the broad-based attack, the hackers start working from the initial point of compromise and pivot into the corporate network. They perform reconnaissance on the network to identify the machines they can access, then execute their attack from the systems they have gained access to.
Once hackers have found the vulnerabilities, they move to their objectives
After the hackers have gained access to the network, they start to identify ways to reach the POS terminals. Unfortunately, in Target’s case the network was relatively open, which made it easy for the hackers to move through it. The hackers then target known vulnerabilities in the system and install memory-scraping malware. The malware then goes to work harvesting credit card information.
The critical last step is to move the harvested information to a new location
The hackers' last step is to take the harvested credit card information and move it off the POS terminals to another location. Again, in Target’s case this data was moved to an FTP server in Eastern Europe. Once the data has been moved to a new location, the hackers can start to sell it on the black market.
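The last two steps above depend on POS terminals being able to reach hosts they have no business talking to. The following check is an added example, not taken from the original article: it scans flow records for POS terminals contacting anything outside an allowlist and rates file transfers to the internet highest. The subnets, allowlist, port set and flow-record format are all assumptions, and the sample records are constructed.

```python
import ipaddress

# Assumptions for this example (none of these values come from the article):
POS_SEGMENT = ipaddress.ip_network("10.20.0.0/24")     # POS terminal subnet
INTERNAL = ipaddress.ip_network("10.0.0.0/8")          # corporate address space
ALLOWED = {("10.10.5.10", 443), ("10.10.5.20", 8443)}  # payment gateway, patch server
FILE_TRANSFER_PORTS = {20, 21, 22, 69, 989, 990}       # FTP, SSH/SFTP, TFTP, FTPS

# Constructed flow records: "timestamp src dst dst_port bytes_out"
SAMPLE_FLOWS = """\
2024-01-01T02:00:01Z 10.20.0.15 10.10.5.10 443 1820
2024-01-01T02:00:07Z 10.20.0.15 10.30.1.44 445 90211
2024-01-01T02:04:40Z 10.20.0.22 203.0.113.50 21 5120332
2024-01-01T02:04:55Z 10.20.0.31 198.51.100.7 443 7300
2024-01-01T02:05:00Z 10.40.7.9 198.51.100.7 443 3000
malformed line
"""

def classify(src, dst, port):
    """Return a severity for a flow leaving a POS terminal, or None if expected."""
    if src not in POS_SEGMENT or (str(dst), port) in ALLOWED:
        return None
    if dst in INTERNAL:
        return "medium"    # POS terminal talking to an unapproved internal host
    if port in FILE_TRANSFER_PORTS:
        return "critical"  # file transfer from a POS terminal to the internet
    return "high"          # any other direct internet egress from a POS terminal

def find_pos_egress_violations(flow_text):
    """Parse flow records and return (severity, src, dst, port, bytes) findings."""
    findings = []
    for line in flow_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed records
        try:
            src, dst = ipaddress.ip_address(parts[1]), ipaddress.ip_address(parts[2])
            port, sent = int(parts[3]), int(parts[4])
        except ValueError:
            continue  # skip records with unparsable addresses or numbers
        severity = classify(src, dst, port)
        if severity:
            findings.append((severity, str(src), str(dst), port, sent))
    return findings

if __name__ == "__main__":
    for finding in find_pos_egress_violations(SAMPLE_FLOWS):
        print(*finding)
```

The same allowlist, enforced as a default-deny firewall rule on the POS segment, turns the detection into prevention.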