Point-of-Sale (POS) systems attract hackers due to the significant rich source of financial gains they can possibly achieve. Some hackers found ways to successfully exploit a POS firm that further targeted over 130 locations.
A POS firm based out in Minnesota suffered a cyber attack recently. It imposed a very bad impact on the North County Business Products Inc. The attackers managed to steal the financial information of the customers. The attack also infected the POS systems of over 130 locations. The attack duration was for about 22 days between 3rd January 2019 and 24th January 2019. However, the suspicious activity, was identified on the clients’ network by the firm on January 4th, 2019.
“On January 30, 2019, the investigation determined that an unauthorized party was able to deploy malware to certain of North Country’s business partners restaurants between January 3, 2019, and January 24, 2019, that collected credit and debit card information. Specific information potentially accessed includes the cardholder’s name, credit card number, expiration date, and CVV.”
It is uncertain on how the hackers gained illegal access to attack the systems and the cyber experts are also unsure about the type of POS malware strain that was used to attack the clients’ network.
“The investigation determined that an unauthorized party was able to deploy malware to certain of North Country’s business partners restaurants… that collected credit and debit card information. Specific information potentially accessed includes the cardholder’s name, credit card number, expiration date, and CVV.”
Even after the transition to EMV that was imposed to mitigate the interference of hackers, POS-based attacks still pose a serious threat to businesses. If the POS systems are used as per the PCI compliance, the card holder data is encrypted, and it renders the possible POS malware attacks useless.
An US restaurant chain Huddle House identified that the cyber attackers targeted POS systems from the third-party vendor. The attackers used a remote tool to implement keyloggers or malware that can steal information from various locations.
The hackers target a centralized POS provider to gain access to multiple clients and therefore manage multiple Return of Investments.
Considering real-time scenarios of massive POS data breaches, it is vital to enforce POS protection measure and therefore encrypt the customer data to render such POS targeted attacks useless.
RELATED RESOURCE