SlideShare a Scribd company logo

Protecting Your POS System from PoSeidon and Other Malware Attacks

Netop
Netop

A Multi-tier, “Defense in Depth” Strategy for Securing Point of Sale Systems from Remote Access Attacks. Retailers are being threatened by a new wave of malware aimed directly at point-of-sale (PoS) systems. A program called PoSeidon is being used by cybercriminals to steal payment card data from retailers. This whitepaper explains how PoSeidon works, and provides techniques that retailers and POS suppliers can use to protect themselves and their customers from this threat, and from other, similar attacks conducted through remote access software.

Technology
1 of 7
Download to read offline
Protecting Your POS System from PoSeidon and Other Malware Attacks www.netop.com/remote-support Protecting Your POS System from PoSeidon and Other Malware Attacks A Multi-tier, “Defense in Depth” Strategy for Securing Point of Sale Systems from Remote Access Attacks Retailers are being threatened by a new wave of malware aimed directly at point-of-sale (PoS) systems. A program called PoSeidon is being used by cybercriminals to steal payment card data from retailers. This whitepaper explains how PoSeidon works, and provides techniques that retailers and POS suppliers can use to protect themselves and their customers from this threat, and from other, similar attacks conducted through remote access software.
Protecting Your POS System from PoSeidon and Other Malware Attacks www.netop.com/remote-support In March 2015, the Cisco Security Solutions team1 identified a new Trojan program they called PoSeidon that skims credit card information from point-of-sale systems. This whitepaper explains how PoSeidon works, and provides techniques that retailers and POS suppliers can use to protect themselves and their customers from this threat, and from other, similar attacks conducted through remote access software. What is PoSeidon? PoSeidon is the name given to a new Trojan program that targets point-of-sale terminals, stealing consumer payment card data for use by criminals. Lucian Constantine of IDG New Service2 described the malware this way: The CSS researchers have identified three malware components that are likely associated with PoSeidon: a keylogger, a loader and a memory scraper that also has keylogging functionality. The keylogger is designed to steal credentials for the LogMeIn remote access application. It deletes encrypted LogMeIn passwords and profiles that are stored in the system registry in order to force users to type them again, at which point it will capture them. The CSS researchers believe this keylogger is potentially used to steal remote access credentials that are needed to compromise point-of-sale systems and install PoSeidon. Past studies have showed that PoS terminals are typically compromised through stolen or brute-forced remote access credentials, as many of them are configured for remote technical support. Once the PoSeidon attackers get access to a PoS terminal, they install a component known as a loader. This component creates the registry keys needed to maintain the infection’s persistence across system reboots and downloads another file called FindStr from a hard-coded list of command-and-control (C&C) servers. As its name implies, FindStr is used to find strings that match payment card numbers in the memory of running processes. The Trojan then verifies that the captured strings are actually credit card numbers by using an algorithm known as the Luhn formula, and uploads them to one of several command-and- control servers along with other data captured through its key logging functionality. A New Threat to Point-of-Sale Systems “ …the attackers may have stolen LogMeIn credentials in order to remotely access the POS device (and perhaps many others with the same account) and install the POS malware.” Sagie Dulce, security researcher at Imperva3 Request command from C&C Send URL to download & execute: “FindStr” Download & execute EXE .ru C&C Server File Server .ru Exfil Server Send CC numbers & keystrokes 2 Set persistence to survive reboot 1 3 4 Install keylogger on POS device 5 Check memory for CC numbers 6 7 EXE Loader EXE FindStr
Protecting Your POS System from PoSeidon and Other Malware Attacks www.netop.com/remote-support How Can You Defend Yourself from PoSeidon? Defending against malware like PoSeidon is difficult. There is no silver-bullet to protect your network against the variety of tools, exploits and attacks criminals will throw against you. As a result, Netop recommends a defense-in-depth strategy for security. Because Point of Sale attacks often target remote access tools, it is vital your remote access and control strategies include multiple overlapping layers of defense and protection. Netop has been supplying the retail industry with unparalleled security for remote access and remote control for nearly 30 years. With 24% of the world’s top 100 retailers and 42% of the world’s top banks using Netop Remote Control, you can trust our security has been tested and verified. Netop’s approach to security focuses on four overlapping strategies: Secure The Line Secure remote access relies on strong encryption to ensure the confidentiality, integrity and authenticity of data being transmitted. Encryption is like a three legged stool. One weak leg and the stool collapses. Many remote access vendors provide high levels of encryption, but provide weak key exchange and message authentication, creating a dangerous risk of collapsing their encryption. Netop’s approach to encryption is comprehensive: • Data confidentiality is ensured with up to 256-bit AES (Advanced Encryption Standard) • Data integrity is ensured with upt to 256-bit SHA HMAC (Secure Hash Standard or Keyed-Hash Message Authentication Codes) • Data authenticity is ensured with a combination of 2048-bit Diffie Hellman key exchange and the 256-bit AES and 512-bit SHA Spartan Stores strengthened their security and achieved a 30% increase in efficiency when they switched to Netop Remote Control Secure the line Manage user access Manage user rights Document what happens 1 2 3 4 SUPPORT S Closed Us Groups 100% Protection non-approved u IT Admin Group Helpdesk Group Super User Group External Group Sales Group Backup Servers Management Group SAP Server Finance Group SUPPORT S Market-Lea 256-bit A Encryptio t G Complete centrailized and scalable management of who can do what where and when with a few clicks Netop Security Server 24%World Top 100 Retailers
Protecting Your POS System from PoSeidon and Other Malware Attacks www.netop.com/remote-support Manage User Access Strong encryption is a crucial first step to securing data, but encryption alone is not sufficient to keep you safe. Managing user access is necessary to prevent unintended users from accessing your network and unencrypting the data with stolen credentials. Netop provides several options for managing user access that includes: • Minimize Threat Vectors. Your network is being scanned continuously. Every public IP address, all your open ports, and any inbound firewall exceptions you’ve allowed are now threat vectors. Netop’s WebConnect service provides Internet connectivity without open ports or inbound firewall exceptions. Within closed networks Netop can be configured to prevent devices from advertising connection details, preventing network browse requests and using specific IP address checks prior to making a connection. Using Netop’s secure gateways, customers can provide a single secured access point into closed network segments without opening those devices to the Internet. • Closed User Groups. Unique to Netop Remote Control, closed user groups provide protection against non-approved users by limiting communication to devices that have been pre-configured with a unique Closed User Group License. The Closed User Group is a highly effective mechanism for preventing outside parties from interacting with the systems in your network. • Multi-Factor Authentication. Dual factor or multi factor authentication mitigates the threat of stolen or compromised passwords. Netop supports multi-factor authentication options including: RSA SecureID, Windows Azure, Radius servers, smart cards, tokens and others. • User Controlled Access. For attended devices, Netop can be configured so that end-users must confirm and allow remote access before a remote session can be established. Even if user controlled access is not enforced, connection notifications can be configured to notify the local user upon, during, or after a session. END USERSUPPORT STAFF Authentication Users can authenticate through Directory Services, smart cards, tokens etc. Closed User Groups 100% Protection against non-approved users User controlled access The user will need to actively click a button to allow the Guest access END USERSUPPORT STAFF Market-Leading 256-bit AES Encryption Market-Leading Dynamic Key Exchange SUPPORT STAFF Set persist survive reb 1 Install keyl on POS dev 5 Check mem for CC num 6 The Liquor Control Board of Ontario, one of Canada’s largest retailers meets security standards with a remote support solution from Netop that provides centrally managed security, authentication and authorization for point of sale systems.
Protecting Your POS System from PoSeidon and Other Malware Attacks www.netop.com/remote-support Manage User Rights Securing remote access doesn’t stop with encrypted traffic and authenticated users. Once a user has successfully accessed a networked device, managing their rights and permissions is the next step in maintaining your security. Netop provides a sophisticated system of role based access controls with centralized and scalable management of who can do what, where and when. Specific features including file transfer, remote keyboard and mouse control, monitoring, and system inventory can be turned on or off with the click of a button for users, roles and groups. END USERSUPPORT STAFF Authentication Users can authenticate through Directory Services, smart cards, tokens etc. Closed User Groups 100% Protection against non-approved users User controlled access The user will need to actively click a button to allow the Guest access SUPPORT STAFF Secure the line Manage user access Manage user rights Document what happens 1 2 3 4 SUPPORT Closed U Group 100% Protectio non-approved IT Admin Group Helpdesk Group Super User Group External Group Sales Group Backup Servers Management Group SAP Server Finance Group SUPPORT Market-Le 256-bit A Encrypt t G Complete centrailized and scalable management of who can do what where and when with a few clicks Netop Security Server Netop Remote Control offers cloud hosting or on premise options to meet your security needs. POS equipment vendor SIR Solutions turned to Netop for a cost-effective and secure way to support thousands of retail devices across hundreds of locations.
Protecting Your POS System from PoSeidon and Other Malware Attacks www.netop.com/remote-support Document What Happens The last line of defense against hackers and criminals is robust logging and activity histories. Having the ability to identify what happened, when it happened and who was involved is critical to mitigating ongoing attacks and cleaning up an attack that has been resolved. Netop Remote Control includes over 100 logable events and provides full screen recording if required. Logs and screen recordings can be stored locally or centrally. Systems can be configured to prevent connectivity if screen recording is unavailable or disabled. Conclusion Security matters. While no company can protect themselves against every form of attack, there are basic steps that retailers and system providers can take to safeguard customer data from PoSeidon and other forms of malware that attack point-of-sale systems through remote access software. Start by assessing the remote access solutions used at your company. Are you using general purpose remote access software, or a solution that is designed for PCI compliance and security like Netop Remote Control? Are you taking advantage of advanced security features like multi- factor authentication and closed user groups? If so, then you should be able to protect your company and your customers from PoSeidon. If not, talk to Netop about how to make your remote access system more secure. END USERSUPPORT STAFF 100+Log Events and Screen Recording Central recording or local recording offers the most secure way of knowing exactly who did what and when. Central Recording Central Loggingntral Loggi Download & execute EXE Server .ru Exfil Server Send CC numbers & keystrokes 4 on POS device Check memory for CC numbers 6 7 EXE FindStr About Netop Remote Control Why do 24% of the world’s top 100 retailers use Netop Remote Control? Because security matters. Netop is the most secure, trusted and scalable remote support software solution on the market today. We’ve been helping customers grow their enterprises with secure remote control and support for workstations, servers, embedded systems and mobile devices for 30 years.
Protecting Your POS System from PoSeidon and Other Malware Attacks www.netop.com/remote-support Reference List 1. Cisco Threat Research blog post by Talos Group dated March 20, 2015: http://blogs.cisco.com/security/talos/poseidon 2. PC World article dated March 23, 2015 by Lucian Constantine, IDG News Service: http://www.pcworld.com/article/2900552/new-malware-program-poseidon-targets-pointofsale-systems.html 3. IT Security Guru article dated March 23, 2015 by Dan Raywood: http://www.itsecurityguru.org/2015/03/23/poseidon-malware-poses-fresh-retail-threat 4. Netop Case Study: Spartan Stores Realizes 30% Efficiency Gain with Netop Remote Control http://www2.netop.com/spartancasestudy 5. Netop Case Study: POS Equipment Vendor Leverages Netop Remote Control to Support Thousands of Retail Devices Across Hundreds of Locations http://www2.netop.com/sir-solutions 6. Netop Case Study: Liquor Control Board of Ontario Securely Manages POS Systems with Netop http://www2.netop.com/LCBOCaseStudy

Recommended

Cryptography summary
Cryptography summaryCryptography summary
Cryptography summaryNi
 
Securing Your Remote Access Desktop Connection
Securing Your Remote Access Desktop ConnectionSecuring Your Remote Access Desktop Connection
Securing Your Remote Access Desktop ConnectionSecurityMetrics
 
Security issue in e commerce
Security issue in e commerceSecurity issue in e commerce
Security issue in e commerceBosco Technical Training Society, Don Bosco Technical School (Aff. GGSIP University, New Delhi)
 
E-Commerce Security
E-Commerce SecurityE-Commerce Security
E-Commerce SecuritySyed Maniruzzaman Pabel
 
E-Commerce security
E-Commerce security E-Commerce security
E-Commerce security Tawhid Rahman
 
Mitre ATT&CK and the Mueller GRU Indictment: Lessons for Organizations
Mitre ATT&CK and the Mueller GRU Indictment: Lessons for OrganizationsMitre ATT&CK and the Mueller GRU Indictment: Lessons for Organizations
Mitre ATT&CK and the Mueller GRU Indictment: Lessons for OrganizationsDigital Shadows
 
Network and web security
Network and web securityNetwork and web security
Network and web securityNitesh Saitwal
 
INFORMATION SECURITY: THREATS AND SOLUTIONS.
INFORMATION SECURITY: THREATS AND SOLUTIONS.INFORMATION SECURITY: THREATS AND SOLUTIONS.
INFORMATION SECURITY: THREATS AND SOLUTIONS.Ni
 

Recommended

Cryptography summary
Cryptography summaryCryptography summary
Cryptography summaryNi
 
Securing Your Remote Access Desktop Connection
Securing Your Remote Access Desktop ConnectionSecuring Your Remote Access Desktop Connection
Securing Your Remote Access Desktop ConnectionSecurityMetrics
 
Security issue in e commerce
Security issue in e commerceSecurity issue in e commerce
Security issue in e commerceBosco Technical Training Society, Don Bosco Technical School (Aff. GGSIP University, New Delhi)
 
E-Commerce Security
E-Commerce SecurityE-Commerce Security
E-Commerce SecuritySyed Maniruzzaman Pabel
 
E-Commerce security
E-Commerce security E-Commerce security
E-Commerce security Tawhid Rahman
 
Mitre ATT&CK and the Mueller GRU Indictment: Lessons for Organizations
Mitre ATT&CK and the Mueller GRU Indictment: Lessons for OrganizationsMitre ATT&CK and the Mueller GRU Indictment: Lessons for Organizations
Mitre ATT&CK and the Mueller GRU Indictment: Lessons for OrganizationsDigital Shadows
 
Network and web security
Network and web securityNetwork and web security
Network and web securityNitesh Saitwal
 
INFORMATION SECURITY: THREATS AND SOLUTIONS.
INFORMATION SECURITY: THREATS AND SOLUTIONS.INFORMATION SECURITY: THREATS AND SOLUTIONS.
INFORMATION SECURITY: THREATS AND SOLUTIONS.Ni
 
IRJET- Data Security with Multifactor Authentication
IRJET- Data Security with Multifactor AuthenticationIRJET- Data Security with Multifactor Authentication
IRJET- Data Security with Multifactor AuthenticationIRJET Journal
 
E commerce Security
E commerce Security E commerce Security
E commerce Security Wisnu Dewobroto
 
Security in e commerce
Security in e commerceSecurity in e commerce
Security in e commerceakhand Akhandenator
 
Computer security
Computer securityComputer security
Computer securityMahesh Singh Madai
 
Network Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information SecurityNetwork Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information SecurityEryk Budi Pratama
 
Welcome to the 3rd generation in user authentication
Welcome to the 3rd generation in user authenticationWelcome to the 3rd generation in user authentication
Welcome to the 3rd generation in user authenticationMarketingArrowECS_CZ
 
A security strategy against steal and pass
A security strategy against steal and passA security strategy against steal and pass
A security strategy against steal and passIJNSA Journal
 
Computer security 7.pptx
Computer security 7.pptxComputer security 7.pptx
Computer security 7.pptxKhappiyo
 
3 reasons your business can't ignore Two-Factor Authentication
3 reasons your business can't ignore Two-Factor Authentication3 reasons your business can't ignore Two-Factor Authentication
3 reasons your business can't ignore Two-Factor AuthenticationFortytwo
 
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...Syed Ubaid Ali Jafri
 
E comm jatin
E comm jatinE comm jatin
E comm jatinJatin Mandhyan
 
Security and information assurance
Security and information assuranceSecurity and information assurance
Security and information assurancebdemchak
 
E Commerce security
E Commerce securityE Commerce security
E Commerce securityMayank Kashyap
 
Module 3-cyber security
Module 3-cyber securityModule 3-cyber security
Module 3-cyber securitySweta Kumari Barnwal
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hackingAKSHAY KHATRI
 
Secrity project keyvan
Secrity project keyvanSecrity project keyvan
Secrity project keyvanitrraincity
 
Two-factor Authentication
Two-factor AuthenticationTwo-factor Authentication
Two-factor AuthenticationPortalGuard dba PistolStar, Inc.
 
Network Based Intrusion Detection and Prevention Systems: Attack Classificati...
Network Based Intrusion Detection and Prevention Systems: Attack Classificati...Network Based Intrusion Detection and Prevention Systems: Attack Classificati...
Network Based Intrusion Detection and Prevention Systems: Attack Classificati...researchinventy
 
Two Factor Authentication Made Easy ICWE 2015
Two Factor Authentication Made Easy ICWE 2015Two Factor Authentication Made Easy ICWE 2015
Two Factor Authentication Made Easy ICWE 2015Alex Q. Chen
 
What's new in​ CEHv11?
What's new in​ CEHv11?What's new in​ CEHv11?
What's new in​ CEHv11?EC-Council
 
Pronombres verbos-preguntas
Pronombres verbos-preguntasPronombres verbos-preguntas
Pronombres verbos-preguntasdeyanira niño gomez
 
Graziella Dragoni - La gestione delle emozioni
Graziella Dragoni - La gestione delle emozioniGraziella Dragoni - La gestione delle emozioni
Graziella Dragoni - La gestione delle emozionicorpomente
 

More Related Content

What's hot

IRJET- Data Security with Multifactor Authentication
IRJET- Data Security with Multifactor AuthenticationIRJET- Data Security with Multifactor Authentication
IRJET- Data Security with Multifactor AuthenticationIRJET Journal
 
Network Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information SecurityNetwork Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information SecurityEryk Budi Pratama
 
Welcome to the 3rd generation in user authentication
Welcome to the 3rd generation in user authenticationWelcome to the 3rd generation in user authentication
Welcome to the 3rd generation in user authenticationMarketingArrowECS_CZ
 
A security strategy against steal and pass
A security strategy against steal and passA security strategy against steal and pass
A security strategy against steal and passIJNSA Journal
 
Computer security 7.pptx
Computer security 7.pptxComputer security 7.pptx
Computer security 7.pptxKhappiyo
 
3 reasons your business can't ignore Two-Factor Authentication
3 reasons your business can't ignore Two-Factor Authentication3 reasons your business can't ignore Two-Factor Authentication
3 reasons your business can't ignore Two-Factor AuthenticationFortytwo
 
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...Syed Ubaid Ali Jafri
 
Security and information assurance
Security and information assuranceSecurity and information assurance
Security and information assurancebdemchak
 
Secrity project keyvan
Secrity project keyvanSecrity project keyvan
Secrity project keyvanitrraincity
 
Network Based Intrusion Detection and Prevention Systems: Attack Classificati...
Network Based Intrusion Detection and Prevention Systems: Attack Classificati...Network Based Intrusion Detection and Prevention Systems: Attack Classificati...
Network Based Intrusion Detection and Prevention Systems: Attack Classificati...researchinventy
 
Two Factor Authentication Made Easy ICWE 2015
Two Factor Authentication Made Easy ICWE 2015Two Factor Authentication Made Easy ICWE 2015
Two Factor Authentication Made Easy ICWE 2015Alex Q. Chen
 
What's new in​ CEHv11?
What's new in​ CEHv11?What's new in​ CEHv11?
What's new in​ CEHv11?EC-Council
 

What's hot (20)

IRJET- Data Security with Multifactor Authentication
IRJET- Data Security with Multifactor AuthenticationIRJET- Data Security with Multifactor Authentication
IRJET- Data Security with Multifactor Authentication
 
E commerce Security
E commerce Security E commerce Security
E commerce Security
 
Security in e commerce
Security in e commerceSecurity in e commerce
Security in e commerce
 
Computer security
Computer securityComputer security
Computer security
 
Network Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information SecurityNetwork Security - Defense Through Layered Information Security
Network Security - Defense Through Layered Information Security
 
Welcome to the 3rd generation in user authentication
Welcome to the 3rd generation in user authenticationWelcome to the 3rd generation in user authentication
Welcome to the 3rd generation in user authentication
 
A security strategy against steal and pass
A security strategy against steal and passA security strategy against steal and pass
A security strategy against steal and pass
 
Computer security 7.pptx
Computer security 7.pptxComputer security 7.pptx
Computer security 7.pptx
 
3 reasons your business can't ignore Two-Factor Authentication
3 reasons your business can't ignore Two-Factor Authentication3 reasons your business can't ignore Two-Factor Authentication
3 reasons your business can't ignore Two-Factor Authentication
 
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
Securing PoS Terminal - A Technical Guideline on Securing PoS System From Hac...
 
E comm jatin
E comm jatinE comm jatin
E comm jatin
 
Security and information assurance
Security and information assuranceSecurity and information assurance
Security and information assurance
 
E Commerce security
E Commerce securityE Commerce security
E Commerce security
 
Module 3-cyber security
Module 3-cyber securityModule 3-cyber security
Module 3-cyber security
 
Ethical hacking
Ethical hackingEthical hacking
Ethical hacking
 
Secrity project keyvan
Secrity project keyvanSecrity project keyvan
Secrity project keyvan
 
Two-factor Authentication
Two-factor AuthenticationTwo-factor Authentication
Two-factor Authentication
 
Network Based Intrusion Detection and Prevention Systems: Attack Classificati...
Network Based Intrusion Detection and Prevention Systems: Attack Classificati...Network Based Intrusion Detection and Prevention Systems: Attack Classificati...
Network Based Intrusion Detection and Prevention Systems: Attack Classificati...
 
Two Factor Authentication Made Easy ICWE 2015
Two Factor Authentication Made Easy ICWE 2015Two Factor Authentication Made Easy ICWE 2015
Two Factor Authentication Made Easy ICWE 2015
 
What's new in​ CEHv11?
What's new in​ CEHv11?What's new in​ CEHv11?
What's new in​ CEHv11?
 

Viewers also liked

Graziella Dragoni - La gestione delle emozioni
Graziella Dragoni - La gestione delle emozioniGraziella Dragoni - La gestione delle emozioni
Graziella Dragoni - La gestione delle emozionicorpomente
 
Tutorial Função PROC
Tutorial Função PROCTutorial Função PROC
Tutorial Função PROCblogsopotencia
 
Sample Website 12 8 Final
Sample Website 12 8 FinalSample Website 12 8 Final
Sample Website 12 8 Finalravenpaige
 
B-Club | Investment Opportunities 1Q 2016 | Section I
B-Club | Investment Opportunities 1Q 2016 | Section IB-Club | Investment Opportunities 1Q 2016 | Section I
B-Club | Investment Opportunities 1Q 2016 | Section IBillion Estate
 
Gustavo
GustavoGustavo
Gustavogusgoz
 
The LibreOffice Human Interface Guidelines (HIG)
The LibreOffice Human Interface Guidelines (HIG)The LibreOffice Human Interface Guidelines (HIG)
The LibreOffice Human Interface Guidelines (HIG)Heiko Tietze
 
Discovering Al aqsa - 2016 tour and findings
Discovering Al aqsa - 2016 tour and findingsDiscovering Al aqsa - 2016 tour and findings
Discovering Al aqsa - 2016 tour and findingsAl Aqsa
 
Dance move you
Dance move youDance move you
Dance move youTom Dinh
 
Investment presentation-for-website-only
Investment presentation-for-website-onlyInvestment presentation-for-website-only
Investment presentation-for-website-onlyinvestorwattswater
 
Java data structures powered by Redis. Introduction to Redisson @ Redis Light...
Java data structures powered by Redis. Introduction to Redisson @ Redis Light...Java data structures powered by Redis. Introduction to Redisson @ Redis Light...
Java data structures powered by Redis. Introduction to Redisson @ Redis Light...Nikita Koksharov
 
Redes Sociales y Periodismo
Redes Sociales y PeriodismoRedes Sociales y Periodismo
Redes Sociales y PeriodismoVirginia García
 
Html, CSS & Web Designing
Html, CSS & Web DesigningHtml, CSS & Web Designing
Html, CSS & Web DesigningLeslie Steele
 
Elements of dance
Elements of danceElements of dance
Elements of dancetmnelsonky
 

Viewers also liked (17)

Pronombres verbos-preguntas
Pronombres verbos-preguntasPronombres verbos-preguntas
Pronombres verbos-preguntas
 
Graziella Dragoni - La gestione delle emozioni
Graziella Dragoni - La gestione delle emozioniGraziella Dragoni - La gestione delle emozioni
Graziella Dragoni - La gestione delle emozioni
 
Tutorial Função PROC
Tutorial Função PROCTutorial Função PROC
Tutorial Função PROC
 
Sample Website 12 8 Final
Sample Website 12 8 FinalSample Website 12 8 Final
Sample Website 12 8 Final
 
B-Club | Investment Opportunities 1Q 2016 | Section I
B-Club | Investment Opportunities 1Q 2016 | Section IB-Club | Investment Opportunities 1Q 2016 | Section I
B-Club | Investment Opportunities 1Q 2016 | Section I
 
Resume
ResumeResume
Resume
 
Gustavo
GustavoGustavo
Gustavo
 
The LibreOffice Human Interface Guidelines (HIG)
The LibreOffice Human Interface Guidelines (HIG)The LibreOffice Human Interface Guidelines (HIG)
The LibreOffice Human Interface Guidelines (HIG)
 
PDHPE
PDHPEPDHPE
PDHPE
 
Discovering Al aqsa - 2016 tour and findings
Discovering Al aqsa - 2016 tour and findingsDiscovering Al aqsa - 2016 tour and findings
Discovering Al aqsa - 2016 tour and findings
 
Dance move you
Dance move youDance move you
Dance move you
 
Investment presentation-for-website-only
Investment presentation-for-website-onlyInvestment presentation-for-website-only
Investment presentation-for-website-only
 
Java data structures powered by Redis. Introduction to Redisson @ Redis Light...
Java data structures powered by Redis. Introduction to Redisson @ Redis Light...Java data structures powered by Redis. Introduction to Redisson @ Redis Light...
Java data structures powered by Redis. Introduction to Redisson @ Redis Light...
 
Redes Sociales y Periodismo
Redes Sociales y PeriodismoRedes Sociales y Periodismo
Redes Sociales y Periodismo
 
Cómo sobrevivir al periodismo de datos sin programador
Cómo sobrevivir al periodismo de datos sin programadorCómo sobrevivir al periodismo de datos sin programador
Cómo sobrevivir al periodismo de datos sin programador
 
Html, CSS & Web Designing
Html, CSS & Web DesigningHtml, CSS & Web Designing
Html, CSS & Web Designing
 
Elements of dance
Elements of danceElements of dance
Elements of dance
 

Similar to Protecting Your POS System from PoSeidon and Other Malware Attacks

All You Wanted To Know About Top Online Payment Security Methods.pptx
All You Wanted To Know About Top Online Payment Security Methods.pptxAll You Wanted To Know About Top Online Payment Security Methods.pptx
All You Wanted To Know About Top Online Payment Security Methods.pptxITIO Innovex
 
Network Security & Ethical Hacking
Network Security & Ethical HackingNetwork Security & Ethical Hacking
Network Security & Ethical HackingSripati Mahapatra
 
Mis jaiswal-chapter-11
Mis jaiswal-chapter-11Mis jaiswal-chapter-11
Mis jaiswal-chapter-11Amit Fogla
 
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptxDomain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptxInfosectrain3
 
INTERVIEW QUESTION FOR IT AUDITOR
INTERVIEW QUESTION FOR IT AUDITORINTERVIEW QUESTION FOR IT AUDITOR
INTERVIEW QUESTION FOR IT AUDITORInfosec Train
 
A Brief Note On Companies And The Largest Ever Consumer...
A Brief Note On Companies And The Largest Ever Consumer...A Brief Note On Companies And The Largest Ever Consumer...
A Brief Note On Companies And The Largest Ever Consumer...Erin Moore
 
Network security
Network securityNetwork security
Network securityAli Kamil
 
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...ShivamSharma909
 
Top Interview Questions for CompTIA Security +
Top Interview Questions for CompTIA Security +Top Interview Questions for CompTIA Security +
Top Interview Questions for CompTIA Security +infosec train
 
Multi Factor Authentication Whitepaper Arx - Intellect Design
Multi Factor Authentication Whitepaper Arx - Intellect DesignMulti Factor Authentication Whitepaper Arx - Intellect Design
Multi Factor Authentication Whitepaper Arx - Intellect DesignRajat Jain
 
Domain 4 of CEH V11 Network and Perimeter Hacking.pptx
Domain 4 of CEH V11 Network and Perimeter Hacking.pptxDomain 4 of CEH V11 Network and Perimeter Hacking.pptx
Domain 4 of CEH V11 Network and Perimeter Hacking.pptxInfosectrain3
 
Life After Compliance march 2010 v2
Life After Compliance march 2010 v2Life After Compliance march 2010 v2
Life After Compliance march 2010 v2SafeNet
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeAaron White
 
Demystifying Attacks on Point of Sales Systems
Demystifying Attacks on Point of Sales SystemsDemystifying Attacks on Point of Sales Systems
Demystifying Attacks on Point of Sales SystemsSymantec
 
Seucrity in a nutshell
Seucrity in a nutshellSeucrity in a nutshell
Seucrity in a nutshellYahia Kandeel
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center FundamentalAmir Hossein Zargaran
 
ethical-hacking-guide
ethical-hacking-guideethical-hacking-guide
ethical-hacking-guideMatt Ford
 

Similar to Protecting Your POS System from PoSeidon and Other Malware Attacks (20)

All You Wanted To Know About Top Online Payment Security Methods.pptx
All You Wanted To Know About Top Online Payment Security Methods.pptxAll You Wanted To Know About Top Online Payment Security Methods.pptx
All You Wanted To Know About Top Online Payment Security Methods.pptx
 
Network Security & Ethical Hacking
Network Security & Ethical HackingNetwork Security & Ethical Hacking
Network Security & Ethical Hacking
 
Mis jaiswal-chapter-11
Mis jaiswal-chapter-11Mis jaiswal-chapter-11
Mis jaiswal-chapter-11
 
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptxDomain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
Domain 3 of CEH v11 System Hacking Phases and Attack Techniques.pptx
 
INTERVIEW QUESTION FOR IT AUDITOR
INTERVIEW QUESTION FOR IT AUDITORINTERVIEW QUESTION FOR IT AUDITOR
INTERVIEW QUESTION FOR IT AUDITOR
 
A Brief Note On Companies And The Largest Ever Consumer...
A Brief Note On Companies And The Largest Ever Consumer...A Brief Note On Companies And The Largest Ever Consumer...
A Brief Note On Companies And The Largest Ever Consumer...
 
Network security
Network securityNetwork security
Network security
 
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
Top Interview Questions to Master as a CompTIA Security+ Certified Profession...
 
Top Interview Questions for CompTIA Security +
Top Interview Questions for CompTIA Security +Top Interview Questions for CompTIA Security +
Top Interview Questions for CompTIA Security +
 
CompTIA Security+
CompTIA Security+CompTIA Security+
CompTIA Security+
 
Multi Factor Authentication Whitepaper Arx - Intellect Design
Multi Factor Authentication Whitepaper Arx - Intellect DesignMulti Factor Authentication Whitepaper Arx - Intellect Design
Multi Factor Authentication Whitepaper Arx - Intellect Design
 
Domain 4 of CEH V11 Network and Perimeter Hacking.pptx
Domain 4 of CEH V11 Network and Perimeter Hacking.pptxDomain 4 of CEH V11 Network and Perimeter Hacking.pptx
Domain 4 of CEH V11 Network and Perimeter Hacking.pptx
 
Life After Compliance march 2010 v2
Life After Compliance march 2010 v2Life After Compliance march 2010 v2
Life After Compliance march 2010 v2
 
Cyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat LandscapeCyber-Espionage: Understanding the Advanced Threat Landscape
Cyber-Espionage: Understanding the Advanced Threat Landscape
 
SolusDeck
SolusDeckSolusDeck
SolusDeck
 
Demystifying Attacks on Point of Sales Systems
Demystifying Attacks on Point of Sales SystemsDemystifying Attacks on Point of Sales Systems
Demystifying Attacks on Point of Sales Systems
 
Seucrity in a nutshell
Seucrity in a nutshellSeucrity in a nutshell
Seucrity in a nutshell
 
Is4560
Is4560Is4560
Is4560
 
Security Operation Center Fundamental
Security Operation Center FundamentalSecurity Operation Center Fundamental
Security Operation Center Fundamental
 
ethical-hacking-guide
ethical-hacking-guideethical-hacking-guide
ethical-hacking-guide
 

Recently uploaded

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...Martijn de Jong
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsMaria Levchenko
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024Results
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024The Digital Insurer
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CVKhem
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 

Recently uploaded (20)

2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Handwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed textsHandwritten Text Recognition for manuscripts and early printed texts
Handwritten Text Recognition for manuscripts and early printed texts
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024A Call to Action for Generative AI in 2024
A Call to Action for Generative AI in 2024
 
Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024Finology Group – Insurtech Innovation Award 2024
Finology Group – Insurtech Innovation Award 2024
 
Real Time Object Detection Using Open CV
Real Time Object Detection Using Open CVReal Time Object Detection Using Open CV
Real Time Object Detection Using Open CV
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 

Protecting Your POS System from PoSeidon and Other Malware Attacks

  • 1. Protecting Your POS System from PoSeidon and Other Malware Attacks www.netop.com/remote-support Protecting Your POS System from PoSeidon and Other Malware Attacks A Multi-tier, “Defense in Depth” Strategy for Securing Point of Sale Systems from Remote Access Attacks Retailers are being threatened by a new wave of malware aimed directly at point-of-sale (PoS) systems. A program called PoSeidon is being used by cybercriminals to steal payment card data from retailers. This whitepaper explains how PoSeidon works, and provides techniques that retailers and POS suppliers can use to protect themselves and their customers from this threat, and from other, similar attacks conducted through remote access software.
  • 2. Protecting Your POS System from PoSeidon and Other Malware Attacks www.netop.com/remote-support In March 2015, the Cisco Security Solutions team1 identified a new Trojan program they called PoSeidon that skims credit card information from point-of-sale systems. This whitepaper explains how PoSeidon works, and provides techniques that retailers and POS suppliers can use to protect themselves and their customers from this threat, and from other, similar attacks conducted through remote access software. What is PoSeidon? PoSeidon is the name given to a new Trojan program that targets point-of-sale terminals, stealing consumer payment card data for use by criminals. Lucian Constantine of IDG New Service2 described the malware this way: The CSS researchers have identified three malware components that are likely associated with PoSeidon: a keylogger, a loader and a memory scraper that also has keylogging functionality. The keylogger is designed to steal credentials for the LogMeIn remote access application. It deletes encrypted LogMeIn passwords and profiles that are stored in the system registry in order to force users to type them again, at which point it will capture them. The CSS researchers believe this keylogger is potentially used to steal remote access credentials that are needed to compromise point-of-sale systems and install PoSeidon. Past studies have showed that PoS terminals are typically compromised through stolen or brute-forced remote access credentials, as many of them are configured for remote technical support. Once the PoSeidon attackers get access to a PoS terminal, they install a component known as a loader. This component creates the registry keys needed to maintain the infection’s persistence across system reboots and downloads another file called FindStr from a hard-coded list of command-and-control (C&C) servers. As its name implies, FindStr is used to find strings that match payment card numbers in the memory of running processes. The Trojan then verifies that the captured strings are actually credit card numbers by using an algorithm known as the Luhn formula, and uploads them to one of several command-and- control servers along with other data captured through its key logging functionality. A New Threat to Point-of-Sale Systems “ …the attackers may have stolen LogMeIn credentials in order to remotely access the POS device (and perhaps many others with the same account) and install the POS malware.” Sagie Dulce, security researcher at Imperva3 Request command from C&C Send URL to download & execute: “FindStr” Download & execute EXE .ru C&C Server File Server .ru Exfil Server Send CC numbers & keystrokes 2 Set persistence to survive reboot 1 3 4 Install keylogger on POS device 5 Check memory for CC numbers 6 7 EXE Loader EXE FindStr
  • 3. Protecting Your POS System from PoSeidon and Other Malware Attacks www.netop.com/remote-support How Can You Defend Yourself from PoSeidon? Defending against malware like PoSeidon is difficult. There is no silver-bullet to protect your network against the variety of tools, exploits and attacks criminals will throw against you. As a result, Netop recommends a defense-in-depth strategy for security. Because Point of Sale attacks often target remote access tools, it is vital your remote access and control strategies include multiple overlapping layers of defense and protection. Netop has been supplying the retail industry with unparalleled security for remote access and remote control for nearly 30 years. With 24% of the world’s top 100 retailers and 42% of the world’s top banks using Netop Remote Control, you can trust our security has been tested and verified. Netop’s approach to security focuses on four overlapping strategies: Secure The Line Secure remote access relies on strong encryption to ensure the confidentiality, integrity and authenticity of data being transmitted. Encryption is like a three legged stool. One weak leg and the stool collapses. Many remote access vendors provide high levels of encryption, but provide weak key exchange and message authentication, creating a dangerous risk of collapsing their encryption. Netop’s approach to encryption is comprehensive: • Data confidentiality is ensured with up to 256-bit AES (Advanced Encryption Standard) • Data integrity is ensured with upt to 256-bit SHA HMAC (Secure Hash Standard or Keyed-Hash Message Authentication Codes) • Data authenticity is ensured with a combination of 2048-bit Diffie Hellman key exchange and the 256-bit AES and 512-bit SHA Spartan Stores strengthened their security and achieved a 30% increase in efficiency when they switched to Netop Remote Control Secure the line Manage user access Manage user rights Document what happens 1 2 3 4 SUPPORT S Closed Us Groups 100% Protection non-approved u IT Admin Group Helpdesk Group Super User Group External Group Sales Group Backup Servers Management Group SAP Server Finance Group SUPPORT S Market-Lea 256-bit A Encryptio t G Complete centrailized and scalable management of who can do what where and when with a few clicks Netop Security Server 24%World Top 100 Retailers
  • 4. Protecting Your POS System from PoSeidon and Other Malware Attacks www.netop.com/remote-support Manage User Access Strong encryption is a crucial first step to securing data, but encryption alone is not sufficient to keep you safe. Managing user access is necessary to prevent unintended users from accessing your network and unencrypting the data with stolen credentials. Netop provides several options for managing user access that includes: • Minimize Threat Vectors. Your network is being scanned continuously. Every public IP address, all your open ports, and any inbound firewall exceptions you’ve allowed are now threat vectors. Netop’s WebConnect service provides Internet connectivity without open ports or inbound firewall exceptions. Within closed networks Netop can be configured to prevent devices from advertising connection details, preventing network browse requests and using specific IP address checks prior to making a connection. Using Netop’s secure gateways, customers can provide a single secured access point into closed network segments without opening those devices to the Internet. • Closed User Groups. Unique to Netop Remote Control, closed user groups provide protection against non-approved users by limiting communication to devices that have been pre-configured with a unique Closed User Group License. The Closed User Group is a highly effective mechanism for preventing outside parties from interacting with the systems in your network. • Multi-Factor Authentication. Dual factor or multi factor authentication mitigates the threat of stolen or compromised passwords. Netop supports multi-factor authentication options including: RSA SecureID, Windows Azure, Radius servers, smart cards, tokens and others. • User Controlled Access. For attended devices, Netop can be configured so that end-users must confirm and allow remote access before a remote session can be established. Even if user controlled access is not enforced, connection notifications can be configured to notify the local user upon, during, or after a session. END USERSUPPORT STAFF Authentication Users can authenticate through Directory Services, smart cards, tokens etc. Closed User Groups 100% Protection against non-approved users User controlled access The user will need to actively click a button to allow the Guest access END USERSUPPORT STAFF Market-Leading 256-bit AES Encryption Market-Leading Dynamic Key Exchange SUPPORT STAFF Set persist survive reb 1 Install keyl on POS dev 5 Check mem for CC num 6 The Liquor Control Board of Ontario, one of Canada’s largest retailers meets security standards with a remote support solution from Netop that provides centrally managed security, authentication and authorization for point of sale systems.
  • 5. Protecting Your POS System from PoSeidon and Other Malware Attacks www.netop.com/remote-support Manage User Rights Securing remote access doesn’t stop with encrypted traffic and authenticated users. Once a user has successfully accessed a networked device, managing their rights and permissions is the next step in maintaining your security. Netop provides a sophisticated system of role based access controls with centralized and scalable management of who can do what, where and when. Specific features including file transfer, remote keyboard and mouse control, monitoring, and system inventory can be turned on or off with the click of a button for users, roles and groups. END USERSUPPORT STAFF Authentication Users can authenticate through Directory Services, smart cards, tokens etc. Closed User Groups 100% Protection against non-approved users User controlled access The user will need to actively click a button to allow the Guest access SUPPORT STAFF Secure the line Manage user access Manage user rights Document what happens 1 2 3 4 SUPPORT Closed U Group 100% Protectio non-approved IT Admin Group Helpdesk Group Super User Group External Group Sales Group Backup Servers Management Group SAP Server Finance Group SUPPORT Market-Le 256-bit A Encrypt t G Complete centrailized and scalable management of who can do what where and when with a few clicks Netop Security Server Netop Remote Control offers cloud hosting or on premise options to meet your security needs. POS equipment vendor SIR Solutions turned to Netop for a cost-effective and secure way to support thousands of retail devices across hundreds of locations.
  • 6. Protecting Your POS System from PoSeidon and Other Malware Attacks www.netop.com/remote-support Document What Happens The last line of defense against hackers and criminals is robust logging and activity histories. Having the ability to identify what happened, when it happened and who was involved is critical to mitigating ongoing attacks and cleaning up an attack that has been resolved. Netop Remote Control includes over 100 logable events and provides full screen recording if required. Logs and screen recordings can be stored locally or centrally. Systems can be configured to prevent connectivity if screen recording is unavailable or disabled. Conclusion Security matters. While no company can protect themselves against every form of attack, there are basic steps that retailers and system providers can take to safeguard customer data from PoSeidon and other forms of malware that attack point-of-sale systems through remote access software. Start by assessing the remote access solutions used at your company. Are you using general purpose remote access software, or a solution that is designed for PCI compliance and security like Netop Remote Control? Are you taking advantage of advanced security features like multi- factor authentication and closed user groups? If so, then you should be able to protect your company and your customers from PoSeidon. If not, talk to Netop about how to make your remote access system more secure. END USERSUPPORT STAFF 100+Log Events and Screen Recording Central recording or local recording offers the most secure way of knowing exactly who did what and when. Central Recording Central Loggingntral Loggi Download & execute EXE Server .ru Exfil Server Send CC numbers & keystrokes 4 on POS device Check memory for CC numbers 6 7 EXE FindStr About Netop Remote Control Why do 24% of the world’s top 100 retailers use Netop Remote Control? Because security matters. Netop is the most secure, trusted and scalable remote support software solution on the market today. We’ve been helping customers grow their enterprises with secure remote control and support for workstations, servers, embedded systems and mobile devices for 30 years.
  • 7. Protecting Your POS System from PoSeidon and Other Malware Attacks www.netop.com/remote-support Reference List 1. Cisco Threat Research blog post by Talos Group dated March 20, 2015: http://blogs.cisco.com/security/talos/poseidon 2. PC World article dated March 23, 2015 by Lucian Constantine, IDG News Service: http://www.pcworld.com/article/2900552/new-malware-program-poseidon-targets-pointofsale-systems.html 3. IT Security Guru article dated March 23, 2015 by Dan Raywood: http://www.itsecurityguru.org/2015/03/23/poseidon-malware-poses-fresh-retail-threat 4. Netop Case Study: Spartan Stores Realizes 30% Efficiency Gain with Netop Remote Control http://www2.netop.com/spartancasestudy 5. Netop Case Study: POS Equipment Vendor Leverages Netop Remote Control to Support Thousands of Retail Devices Across Hundreds of Locations http://www2.netop.com/sir-solutions 6. Netop Case Study: Liquor Control Board of Ontario Securely Manages POS Systems with Netop http://www2.netop.com/LCBOCaseStudy