Protect Your POS System From Hungry Hackers And Careless Vendors


MAY 2017

By: Brian Burns

Hundreds of millions of Americans dine at restaurants each year. Unfortunately, so do hackers.

In the past year alone, we’ve learned about cybercriminals devouring credit card information from CiCi’s Pizza, Wendy’s and Arby’s. What makes these retailers so attractive to attackers is their highly vulnerable point-of-sale (POS) systems. The problem is so severe that cybercrime investigative journalist Brian Krebs recently blogged on KrebsOnSecurity:

From my perspective, organized crime gangs have so completely overrun the hospitality point-of-sale systems here in the United States that I just assume my card may very well be compromised whenever I use it at a restaurant or hotel bar/eatery.

According to the just-released 2017 Data Breach Investigations Report from Verizon, almost 65% of POS breaches involved the use of stolen credentials as the hacking variety. And 95% of breaches featuring the use of stolen credentials leveraged vendor remote access to hack into their customer’s POS environments.

Anatomy of A POS Hack

A vendor-enabled POS hack usually involves three basic steps. To illustrate this, we’ll use the infamous Target hack, which compromised 40 million credit cards.

First, the hacker steals vendor login credentials. In the case of Target, a phishing email loaded malware on the computers of one of the retailer’s HVAC vendors. The next time that vendor logged into the Target portal, the attacker captured the login credentials.

Next, the hacker uses these credentials to enter and roam the network. Target never released details on how its Windows servers were breached, but speculation has it that they fell to SQL injection attacks. This would have helped attackers attain elevated credentials, allowing them to move across Target’s internal network.

And finally, the hacker begins exfiltrating POS credit card data. Target’s attackers infected the system with malware that scraped the RAM off POS devices and grabbed data as cards were swiped. This information was sent to a “dump” server outside the compromised network, from which cybercriminals then moved the stolen data to off-site FTP servers.

Protecting Your POS System

Obviously, you can’t eliminate third-party vendors. Doing away with your vendor portal is also unfeasible. It would greatly limit your working relationship with these important suppliers.

However, keep in mind that all it takes is one compromised vendor to put your entire POS system in jeopardy. So, it’s imperative you do all you can to prevent that. Here are some suggestions:

Require two-factor authentication. Make sure your vendors can’t access your portal with just a username and password. For even higher security, add a third factor of authentication for client devices.

Secure your network perimeter. Insist that third-party vendors access your network only with authorized devices. With software-defined networks, this means only devices on which the software is registered. This prevents attackers using stolen credentials from entering your portal via their devices.

Hide your vendor portal. It should not be visible, reachable or scannable from the public Internet. Instead, establish a zero-trust firewall to protect your enterprise applications and vendor portal from prying eyes.

Limit vendor access. Once inside the Target network, attackers moved laterally from server to server, searching for valuable data. Prevent this by locking down vendor access to just one application or server. That way, if an attacker does sneak through your vendor portal, he’s limited to only that portal application.

Vet your vendors. We’ll end with where you should begin. As the Verizon report stated:

“We recommend all businesses, small and large, ask the right questions to any third-party management vendors about their security practices, specifically about use of two-factor authentication.”

Don’t wait to be the next victim. Talk to Dispersive. Our virtualized networks can bring unmatched security to your POS systems, minimizing your concerns about hungry hackers and careless vendors.

Find out how we or one of our carrier partners can improve your situation. Email us at or call us at (844) 403-5852.

Similar Blogs

Critical Infrastructure On Edge: Colonial Pipeline Is Only the Latest Example of the Massive Risks Associated with Attacks

Critical Infrastructure On Edge: Colonial Pipeline Is Only the Latest Example of the Massive Risks Associated with Attacks

This past week Colonial Pipeline company, which operates a pipeline that carries gasoline, diesel fuel, and natural gas along a 5,500-mile path from Texas to New Jersey, was forced to take itself offline after being attacked by a criminal cyber gang. The pipeline, which carries 2.5 million barrels a day, nearly 50% of the East Coast supply of diesel, gasoline, and jet fuel, is still working to restore service and gain access to their systems after the malicious cyberattack, while its four mainlines remain offline.

read more
Financial Services Companies Struggle With The Work from Home Digital Perimeter With Serious Cyber Attacks on the Rise

Financial Services Companies Struggle With The Work from Home Digital Perimeter With Serious Cyber Attacks on the Rise

When pandemic lockdowns turned many jobs into work-from-home almost overnight, some industries experienced relatively seamless transitions; however, the banking industry was not one of them. These institutions were forced to pivot from traditional office environments, but the switch to remote working came with an abundance of challenges, the most serious being cybersecurity.

read more
Securing Retail and POS Endpoints Efficiently

Securing Retail and POS Endpoints Efficiently

With physical retail re-opening, large retailers with hundreds or thousands of locations are rethinking their security strategies, especially when it comes to Point-of-Sale (POS) systems.

Retailers need reliable, resilient networks, as downtime leads to slow checkout lines and unhappy customers.

read more