The beef with malware

A well-known fast food restaurant chain, famous for its burgers, was recently hacked and its point-of-sale (POS) system breached. The result: stolen customer information from more than 5,000 restaurants.
“POS systems are vulnerable and the attacks will continue and become more exotic over time,” stresses Jamal Bethea, marketing insights analyst at Arbor Networks, the security division of NETSCOUT.

According to the World Payment Report from 2015, there were more than 350 billion non-cash transactions in 2013, making electronic payments the preferred method of transactions. And, a user research report by Capterra states that, of the 400 surveyed POS buyers, 57 percent preferred on-premise/ installed systems and 43 percent preferred web-based/ hosted services.

“Regardless of how a POS is deployed in a business, a cyber-security solution that supports both installed or web-based systems is strategically important,” adds Bethea.

He says that ATLAS Intelligence is supported by Arbor’s Security Engineering & Response Team (ASERT) and explains that ASERT is comprised of an elite group of researchers and engineers who take their unique visibility into global threat activity and integrate it into a workflow using ATLAS Intelligence feed. “They then take known attacks and disseminate them into reports so customers can stay aware of continuous DDoS and advanced threats, including malware,” he says.

Bethea points out that malware can today access back-end systems and steal information despite card issuers’ steps to modernise payment methods.

“When customers swipe their credit or debit cards, POS systems relying on traditional magstripe technology can store all of the cardholder’s information available on Track 1 and Track 2 of the magstripe. EMV chips increase the level of security in comparison to the magnetic strip that maintains static data. The card’s technology administers a unique code per transaction making obtaining the customer’s financial information a difficult task. So is EMV technology foolproof? Yes, and no. Technology can only be adoptable and mainstream when the vast majority realises the immediate ROI,” highlights Bethea. “The case of liability has now shifted to the card provider and their responsibility to hunt down advanced threats. Also notable, hackers are constantly improving the capabilities of their threat tools against POS systems, including malware, leaving this type of threat tool undetectable by infrastructure detection.”

Threat actors in the past employed skimming techniques to acquire customer information through POS and ATMs, but that has changed as hackers’ skills increased. “By utilising web-based malware like TreasureHunt, NitlovePoS, Poseidon and more, threat actors can track credit card number sequences, mimic a display driver as an infected system, along with other strategies to acquire your information. Although the fast food restaurant chain has not confirmed the type of malware used against its POS, we are aware of several types of web-based malware capable of capturing customer financial data that have been deployed in the past against other fast food chains,” says Bethea.

Bryan Hamman, territory manager for Sub-Saharan Africa at Arbor Networks, says that a solution such as Arbor Networks Spectrum offers an answer to detect and eliminate advance threats at retail and restaurant chains POSes operating in the region. Arbor’s Spectrum can apply intelligence indicators as confirmation of attack campaigns. “Businesses may rely on logged security data with user/ entity behaviour analytics solution or a SIEM, but they need to understand that’s not an equivalent security solution to the threat their systems face. That data is generated from IDS/ IPS, firewalls, endpoint security, and more, but for that log to be accurate to some degree a security device has to be calibrated to discover the attack,” he says.

Strategies involving detecting and responding can no longer be an acceptable means to eliminate advance threats. “Let’s start thinking about a ‘seek and contain’ strategy that is accomplished with an impressive hunting toolkit and legacy controls that are found in Arbor’s Spectrum,” concludes Bethea.

For more information about Arbor in Africa, please contact Bryan Hamman at