As the biggest season in retail winds down, Forever 21 was the latest retail target of a point of sale cyber attack, joining the likes of Chipotle and GameStop. It was recently announced that they suffered a POS security breach between April 3 and November 18, 2017, and while some stores suffered breaches lasting the entire seven months, others were breached “for only a few days or several weeks.” Whether a breach is discovered within a few days or not for several months, it does little to soothe the pain. When sensitive customer information is stolen, the damage can spread wide to include not only compromised customer identities but a brand’s reputation, potential legal implications and even a hit to stock prices.
“The investigation found signs of unauthorized network access and installation of malware on some POS devices designed to search for payment card data. The malware searched only for track data read from a payment card as it was being routed through the POS device.”
With more ways to pay at retail outlets, both in-store and online, corporations increase their attack surface area, undeniably opening themselves up to greater risks with their point of sale systems. While companies have technologies in place to foil hackers, we do not live in a perfect world. “In most instances, the malware only found track data that did not have cardholder name. Additionally, stores have a device that keeps a log of completed payment card transaction authorizations.” However, by leveraging DNS to bolster your security stack, breaches become less likely and less severe, all while giving you the visibility and control that other tools do not.
DNS: The Key to Point of Sale Security
Looking at these point of sale breaches, there are a few things every company can learn as they work to improve their cyber security measures. DNS is the foundation of any network, including POS systems, so it can offer clues and hints and serve as an invaluable tool in detecting malicious network activity.
However, what’s important here is protecting your POS system. In this case, the importance of securing your IoT devices cannot be overstated. Here, the point of sale devices were communicating with “services” outside the scope of those they were explicitly intended to connect with.
“For starters, the investigation into the security incident revealed that hackers had access to customers’ payment card data for up to seven months… Attackers had obtained network access and installed malware meant to harvest credit card data.”
Malicious adversaries harvested and captured this sensitive data and Forever 21’s cyber security measures weren’t able to stop it (or detect it) until it was too late. However, there is a solution, and it is possible to keep your IoT devices from communicating with devices or services they shouldn’t be while also preventing them from sending that information out.
DNS Edge, for example, can provide visibility into DNS log data and enforce policies to ensure:
- POS IoT devices and services are only able to communicate externally or internally to the services they need.
- POS IoT devices are not exfiltrating customer data to these malicious adversaries.
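The two checks in the list above, sketched as an added example over constructed DNS query log lines (this is not code from the original article and not BlueCat DNS Edge code). The POS subnet, the allowlisted domains, the log format and the length and entropy thresholds are all assumptions chosen for illustration.

```python
import ipaddress
import math
from collections import Counter

# Assumed for illustration: the POS subnet and the only domains POS devices need.
POS_NET = ipaddress.ip_network("10.20.0.0/24")
ALLOWED_SUFFIXES = ("payments.example.com", "updates.example.com")

# Constructed sample log, one query per line: "<timestamp> <client_ip> <qname> <qtype>"
SAMPLE_LOG = """\
2024-01-15T09:15:02Z 10.20.0.11 auth.payments.example.com A
2024-01-15T09:15:40Z 10.20.0.11 cdn.updates.example.com A
2024-01-15T09:16:05Z 10.20.0.12 www.unknown-host.example.net A
2024-01-15T09:16:09Z 10.20.0.12 nq2xk4zt7b9wq1mf8r3yd6hv0c5pj2la.t.example.org TXT
2024-01-15T09:17:30Z 10.30.0.5 news.example.net A
"""

def entropy(label):
    """Shannon entropy in bits per character of one DNS label."""
    counts = Counter(label)
    return -sum(n / len(label) * math.log2(n / len(label)) for n in counts.values())

def allowed(qname):
    """True only for an allowlisted domain or a true subdomain of one."""
    return any(qname == s or qname.endswith("." + s) for s in ALLOWED_SUFFIXES)

def looks_encoded(qname, min_len=24, min_entropy=3.5):
    """Long, high-entropy labels are a common sign of data encoded into a query name."""
    return any(len(l) >= min_len and entropy(l) >= min_entropy for l in qname.split("."))

def review(log_text):
    """Return (timestamp, client, qname, reason) for POS queries outside the allowlist."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, qname, _qtype = parts
        qname = qname.rstrip(".").lower()
        if ipaddress.ip_address(client) not in POS_NET:
            continue  # this policy covers POS devices only
        if allowed(qname):
            continue
        reason = "possible-exfil" if looks_encoded(qname) else "not-allowlisted"
        findings.append((ts, client, qname, reason))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding)
```

In an enforcing deployment the same allowlist decision would be applied at the resolver, so a non-allowlisted query from a POS device is refused rather than only reported.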
No one wants to be in damage control mode. By securing your POS system and monitoring DNS, you’ll be able to take action before it’s too late.