8-20-14

“Out there in some garage is an entrepreneur who’s forging a bullet with your company’s name on it.”

-Gary Hamel


Cybercriminals Deliver Point-of-Sale Malware to 51 UPS Store Locations

http://www.securityweek.com/cybercriminals-deliver-point-sale-malware-51-ups-store-locations

http://www.scmagazine.com/ups-announces-breach-impacting-51-us-locations/article/367257/

C-IT Recommendation

  1. Create new non-intuitive usernames for POS accounts.  Disable  the default usernames.
  2. Use Strong password for Terminal log in accounts and change them regularly
  3. Keep POS operating systems and POS Software Applications updated with the latest patches:
  4. Install a Firewall
  5. Ensure a solid Antivirus solution is running on the POS terminals
  6. Ensure your company is using a web content filtering solution to prevent user from accessing malicious websites.
  7. Validate the web content filtering solution is up to date with the latest stable version with the latest site signature updates
  8. Disallow Remote Access so that attackers cannot remotely access terminals
  9. Encrypt traffic between terminals, servers and payment card processor

Article Resources

UPS Stores impacted by the breach

http://www.theupsstore.com/security/Pages/default.aspx

US CERT- New Point of Sale Malware

https://www.us-cert.gov/sites/default/files/publications/BackoffPointOfSaleMalware.pdf

US-CERT Alert Malware Targeting Point of Sale Systems

https://www.us-cert.gov/ncas/alerts/TA14-002A

Protecting PoS Environments Against Multi-Stage Attacks

http://www.symantec.com/content/en/us/enterprise/white_papers/b-protecting-pos-environments-against-multi-stage-attacks-WP-21327754.pdf

 

Leave a Reply

Your email address will not be published. Required fields are marked *