By: Laura Combs, CISSP
During the last several months, I’ve seen several stories show up in the news about retail chains and restaurants experiencing malware attacks on their point of sale (POS) systems, attacks that in turn affected a massive number of customers. The latest round of stories on the recent breach at Wendy’s restaurants now says that the original breach, discovered at 300 of the restaurant’s locations earlier this year, is expected to extend far beyond what was originally found.

Several of those articles include a short explanation of how the malware came to be on the POS terminals (the “card-swipe” machines). Apparently, attackers gained access to an unnamed third-party vendor’s network and used that vendor’s remote access credentials to reach Wendy’s POS terminals and drop the malware there. Once installed, the malware collected the card data for every card swiped at the terminal and sent it to the attackers, who then posted that data for sale to groups or individuals who specialize in credit card fraud.

The weak link here was a third party’s remote access, not a hole in the restaurant’s own perimeter. Here are some basic controls that address that kind of exposure:
- Ensure your firewall is current and has the most updated firmware version installed.
- Turn off all unnecessary services and ports on the firewall.
- Implement an IDS/IPS solution both at the network level and at the host level for critical devices.
- Download and install updates and patches routinely.
- Change all default admin passwords when installing new hardware or appliances.
- Require multi-factor authentication for configuration changes and regular maintenance changes.
- Restrict service account privileges to only those required for the service account function. Don’t grant service accounts administrative privileges unless it’s absolutely necessary for the function of the account.
- Invest in file integrity and monitoring software for critical servers and files.
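To make the last item concrete: the following is an added example (not code from the original post) of the core of a file integrity monitor for a POS software directory. It hashes a baseline of every file, then reports files that were added, modified or removed on a later check, which is exactly how a dropped malware binary or a tampered payment-handling executable surfaces. The directory, file names and contents are constructed for the demonstration; in practice the baseline file belongs on a separate, read-only location so an attacker on the host cannot simply rewrite it.

```python
import hashlib
import json
import tempfile
from pathlib import Path


def hash_file(path: Path) -> str:
    """SHA-256 of a file, read in chunks so large binaries do not load into memory."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def snapshot(root: Path) -> dict:
    """Map each file's path (relative to root) to its SHA-256 digest."""
    return {str(p.relative_to(root)): hash_file(p)
            for p in sorted(root.rglob("*")) if p.is_file()}


def save_baseline(root: Path, baseline_path: Path) -> None:
    """Record the known-good state; store this somewhere the POS host cannot modify."""
    baseline_path.write_text(json.dumps(snapshot(root), indent=2))


def check_integrity(root: Path, baseline_path: Path) -> dict:
    """Compare the current directory state against the stored baseline."""
    baseline = json.loads(baseline_path.read_text())
    current = snapshot(root)
    common = set(current) & set(baseline)
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in common if current[p] != baseline[p]),
    }


def demo() -> dict:
    """Constructed scenario: baseline a fake POS directory, then simulate a drop and a tamper."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "pos"
        root.mkdir()
        (root / "pos_app.exe").write_bytes(b"legitimate payment application")   # constructed
        (root / "config.ini").write_bytes(b"terminal_id=CONSTRUCTED-0001")     # constructed
        baseline = Path(tmp) / "baseline.json"
        save_baseline(root, baseline)
        (root / "unknown_service.exe").write_bytes(b"file that was not there before")
        (root / "pos_app.exe").write_bytes(b"legitimate payment application, altered")
        return check_integrity(root, baseline)


if __name__ == "__main__":
    print(demo())  # expect one added file and one modified file, nothing removed
```

A real deployment would run the check on a schedule and alert on any non-empty result; a planned update is the only time a change in this directory should be expected.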