
Thread: Malware on POS

  1. Senior Member
    Join Date
    Sep 2016
    Posts
    105

    Certifications
    CCNA Security, CCNA R&S
    #1

    Malware on POS

    I was reading an article about a retailer having a data breach due to malware running on their POS machine. I have what is probably a dumb question, but I'll ask anyway. How does malware get installed on a POS machine? I have limited experience in the retail space, but I have done a few consulting gigs. From what I've seen, the POS systems were running an embedded version of Windows XP, which I know is no longer supported and could easily be a vulnerability. My confusion is how malware would get installed to begin with. I wouldn't think these POS machines would need internet access.

  3. Senior Member
    Join Date
    Dec 2015
    Location
    Quebec, Canada
    Posts
    489

    Certifications
    A+, Network+, Linux+, HP APS, VCP 3-4-5-6, VSP,VTSP, SSCP, Veeam VMCE, CISSP
    #2
    Embedded does not mean non-vulnerable; usually they are the last thing that is updated in a network.

    Also, while they perhaps don't have internet access, they are usually connected to an internal network, and they can become infected after a first breach.

    Finally, I have also seen a guest Wi-Fi that is plugged into the same network as the POS.

  4. Achieve excellence daily
    Join Date
    May 2012
    Location
    Washington State
    Posts
    1,407

    Certifications
    CISSP
    #3
    Let's see, a couple of options.
    • They are frequently on a network. Maybe another PC on that or an adjacent network has internet access.
    • Maybe a port (USB) is open on the device and an attacker can sneak a USB in during a transaction.
    • Maybe an employee or someone with access is paid to insert a disk or USB.
    • Pose as an IT or service person and insert a disk/USB.
    I'm sure folks will chime in with other ways.
    When you go the extra mile, there's no traffic.

  5. Senior Member
    Join Date
    Sep 2016
    Posts
    105

    Certifications
    CCNA Security, CCNA R&S
    #4
    Originally posted by SteveLavoie:
    Embedded does not mean non-vulnerable; usually they are the last thing that is updated in a network.

    Also, while they perhaps don't have internet access, they are usually connected to an internal network, and they can become infected after a first breach.

    Finally, I have also seen a guest Wi-Fi that is plugged into the same network as the POS.

    Yes, absolutely vulnerable. That's exactly what I was wondering. If it's because, say, a desktop or another device got infected and, since they share the same LAN (without segmentation), they then get infected.

  6. Senior Member cyberguypr
    Join Date
    May 2007
    Location
    Chicago, IL
    Posts
    6,102

    Certifications
    GCFE, GCED, GCIH, CISSP, CCSP, and others that should never be mentioned
    #5
    Good, easy to digest report on this topic: https://www.symantec.com/content/dam...systems-en.pdf

  7. Senior Member
    Join Date
    Jan 2015
    Location
    Chicago, IL
    Posts
    1,073

    Certifications
    Too many MCPs and MCTS, MCSA: Security, MCSE: Security, MCSA: 2003, 2008, 2012, MCITP: EA, CISSP-ISSAP, SCS DLP, GREM
    #6
    Here's how it happened with Target Corp. They compromised some third-party vendor, used their credentials to get inside Target's Microsoft network, which turned out to be flat, identified PoS machines, obtained an account with admin rights on all PoS (running XP) and installed their malware as a Windows service on pretty much all points.
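
The flat-network problem raised in posts #2, #4 and #6 (an office desktop, a vendor login or guest Wi-Fi sharing a LAN with the registers) can be audited from flow logs. The following is an added example, not part of any post in this thread; the subnets, allow-listed hosts and flow records are all constructed assumptions.

```python
import ipaddress

# Constructed addressing plan (assumption; the thread names no subnets).
ZONES = {
    "pos": ipaddress.ip_network("10.20.0.0/24"),
    "corp": ipaddress.ip_network("10.10.0.0/16"),
    "guest_wifi": ipaddress.ip_network("10.99.0.0/24"),
}
# Hypothetical allow-lists: (peer address, destination port).
ALLOWED_INTO_POS = {("10.10.5.10", 443)}      # patch/management server
ALLOWED_OUT_OF_POS = {("203.0.113.25", 443)}  # payment gateway

def zone_of(addr):
    """Map an address to a named zone, or 'external' if none matches."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "external"

def audit_flows(flows):
    """Flag flows that cross the POS boundary without being allow-listed.

    flows: iterable of (src, dst, dst_port). Returns a list of
    (src, dst, dst_port, "srczone->dstzone") findings.
    """
    findings = []
    for src, dst, port in flows:
        src_zone, dst_zone = zone_of(src), zone_of(dst)
        if src_zone == dst_zone or "pos" not in (src_zone, dst_zone):
            continue  # does not cross the POS boundary
        if dst_zone == "pos" and (src, port) in ALLOWED_INTO_POS:
            continue
        if src_zone == "pos" and (dst, port) in ALLOWED_OUT_OF_POS:
            continue
        findings.append((src, dst, port, f"{src_zone}->{dst_zone}"))
    return findings

# Constructed flow records (src, dst, dst_port), not real log data.
SAMPLE_FLOWS = [
    ("10.10.5.10", "10.20.0.11", 443),    # management server, allowed
    ("10.10.44.7", "10.20.0.11", 445),    # office desktop reaching a register
    ("10.99.0.53", "10.20.0.12", 3389),   # guest Wi-Fi reaching a register
    ("10.20.0.11", "203.0.113.25", 443),  # register to payment gateway, allowed
    ("10.20.0.12", "198.51.100.9", 80),   # register to unknown external host
    ("10.10.44.7", "10.10.5.10", 443),    # corp-internal, out of scope
]

if __name__ == "__main__":
    for finding in audit_flows(SAMPLE_FLOWS):
        print(finding)
```

On a properly segmented network this audit returns nothing; every finding is a path by which a compromise elsewhere could reach a register, or by which a register could send data somewhere other than the payment gateway.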

  8. Senior Member
    Join Date
    Sep 2016
    Posts
    105

    Certifications
    CCNA Security, CCNA R&S
    #7
    Great replies. Exactly what I was looking for. Thanks @NotHackingYou, @cyberguypr, @gespenstern and @SteveLavoie
