Last updated on April 29, 2021.
As the biggest season in retail winds down, Forever 21 has become the latest retail target of a point of sale cyber attack, joining the likes of Chipotle and GameStop. It was recently announced that the company suffered a POS security breach between April 3 and November 18, 2017, and while some stores suffered breaches lasting the entire seven months, others were breached “for only a few days or several weeks.” Whether a breach is discovered within a few days or goes unnoticed for several months, that does little to soothe the pain. When sensitive customer information is stolen, the damage can spread wide to include not only compromised customer identities but also a brand’s reputation, potential legal implications and even a hit to stock prices.
“The investigation found signs of unauthorized network access and installation of malware on some POS devices designed to search for payment card data. The malware searched only for track data read from a payment card as it was being routed through the POS device.”
With more ways to pay at retail outlets, both in-store and online, corporations increase their attack surface area, undeniably opening themselves up to greater risks with their point of sale systems. While companies have technologies in place to foil hackers, we do not live in a perfect world. “In most instances, the malware only found track data that did not have cardholder name. Additionally, stores have a device that keeps a log of completed payment card transaction authorizations.” However, by leveraging DNS to bolster your security stack, you make breaches less likely and less severe, all while gaining visibility and control that other tools do not provide.
DNS: The Key to Point of Sale Security
Looking at these point of sale breaches, there are a few things every company can learn as it looks to improve its cyber security measures. DNS is the foundation of any network, including POS systems, so it can offer clues and hints and be an invaluable tool in detecting malicious network activity.
However, what’s important here is protecting your POS system. In this case, the importance of securing your IoT devices cannot be overstated. Here, the point of sale devices were communicating with “services” outside the scope of those they were explicitly intended to connect with.
“For starters, the investigation into the security incident revealed that hackers had access to customers’ payment card data for up to seven months… Attackers had obtained network access and installed malware meant to harvest credit card data.”
Malicious adversaries harvested and captured this sensitive data, and Forever 21’s cyber security measures weren’t able to stop it (or detect it) until it was too late. However, there is a solution: it is possible to keep your IoT devices from communicating with devices or services they shouldn’t be talking to, while also preventing them from sending that information out.
DNS Edge, for example, can provide visibility into DNS log data and enforce policies to ensure:
- POS IoT devices and services are only able to communicate, externally or internally, with the services they need.
- POS IoT devices are not exfiltrating customer data to these malicious adversaries.
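The following Python example, added here and not taken from BlueCat or DNS Edge, reviews DNS query logs for POS clients against both goals above: it flags queries outside an allowlist and marks long, high-entropy labels as possible exfiltration. The subnet, allowlist, log format and thresholds are assumptions chosen for illustration.

```python
import ipaddress
import math
from collections import Counter

# Assumptions for this example: the POS subnet, the allowlist and the
# "timestamp client qtype qname" log format are all hypothetical.
POS_NET = ipaddress.ip_network("10.20.0.0/16")
ALLOWED = ("payments.example.com", "updates.example.com")

# Constructed sample log lines (not real data).
SAMPLE_LOG = """\
2024-01-01T10:00:01Z 10.20.1.15 A gateway.payments.example.com
2024-01-01T10:00:05Z 10.20.1.15 A telemetry.example.net
2024-01-01T10:00:09Z 10.20.1.22 TXT k7q2m9x4b1z8v3c6n5j0h2g7f4d1s8a3.x.example.org
2024-01-01T10:00:12Z 10.30.4.8 A news.example.net
2024-01-01T10:00:15Z 10.20.1.22 A updates.example.com.
2024-01-01T10:00:20Z 10.20.1.15 A payments.example.com.example.net
"""

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    counts = Counter(s)
    return -sum(n / len(s) * math.log2(n / len(s)) for n in counts.values())

def is_allowed(name):
    # Match the domain itself or a true subdomain; a substring or prefix
    # test would accept look-alikes like payments.example.com.example.net.
    return any(name == d or name.endswith("." + d) for d in ALLOWED)

def review(log):
    """Return (client, qname, reason) for each POS query outside the allowlist."""
    findings = []
    for line in log.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # skip malformed lines
        _, client, _, qname = fields
        if ipaddress.ip_address(client) not in POS_NET:
            continue  # only POS devices are in scope
        name = qname.rstrip(".").lower()
        if is_allowed(name):
            continue
        longest = max(name.split("."), key=len)
        # Long, random-looking labels are a common sign of data encoded into DNS.
        exfil = len(longest) >= 32 and entropy(longest) >= 3.5
        findings.append((client, name, "possible-exfil" if exfil else "not-allowlisted"))
    return findings

if __name__ == "__main__":
    for finding in review(SAMPLE_LOG):
        print(*finding)
```
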
No one wants to be in damage control mode. By securing your POS system and monitoring DNS, you’ll be able to take action before it’s too late.