Keeping hackers out of your POS!
Keeping the hackers out of your POS!
Michael McKinnon, AVG Security Advisor
AVG.COM.AU
AVG.CO.NZ
What are we looking at today?
Quick Overview
1. The Problem
2. Attack Vectors
3. Types of Attacks
4. Solutions
The Problem
Unlike shoplifters, cybercriminals set up camp and stay
there, stealing from retailers for extended periods of time.
PC based POS systems
• They are cheap, efficient and can be used for multiple purposes
• However, the PC has become the POS security “battleground”
Data breaches are still too easy!
Source: Verizon Data Breach Investigations Report 2012
Offline retail is the biggest cybercrime target
Australian Retail Spend: Offline Retail 96%, Online Retail 4%
Source: NAB Online Retail Sales Index – July 2012
Infiltration of POS transaction data
There are lots of examples in the news…
Source: www.cio.com.au/article/436663/two_romanians_plead_guilty_point-of-sale_hacking/
Attack Vectors
There are 6 ways cybercriminals can gain entry into your retail
business…
#1. Default passwords
The user manual says:
“Step 1. Change the default password”
BUT, it is far too common that these are not changed, or they’re changed to someone else’s “default” password (which is widely known)
Which password is the most secure?
1. E56#av+Yb!
2. Password123
3. aaaaaAAAAA#####43
4. 123456
5. lucasjames
Answer: aaaaaAAAAA#####43
But why?
• 17 characters in length
• Contains upper and lowercase letters
• Contains numbers
• Contains a symbol
• There are 37 thousand billion billion billion possible combinations!
Learn other tips for creating a secure password here.
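An added example (not part of the original slides) that reproduces the slide's count and audits the five quiz candidates. It assumes a 72-symbol alphabet (26 lower, 26 upper, 10 digits, 10 symbols), which the slide does not state but which matches its quoted figure, and a constructed deny-list; it measures exhaustive search only, not how guessable a pattern is.

```python
import math
import string

# Pool sizes per character class. The symbol pool of 10 is an assumption:
# the slide states no alphabet, but 26+26+10+10 = 72 reproduces its figure.
POOLS = {"lower": 26, "upper": 26, "digit": 10, "symbol": 10}
# Constructed deny-list of widely known passwords (lower-cased), standing in
# for the vendor-default and common-password lists an auditor would load.
KNOWN_WEAK = {"password123", "123456", "admin", "password"}

def char_classes(password):
    """Return the set of character classes present in the password."""
    classes = set()
    for ch in password:
        if ch in string.ascii_lowercase:
            classes.add("lower")
        elif ch in string.ascii_uppercase:
            classes.add("upper")
        elif ch in string.digits:
            classes.add("digit")
        else:
            classes.add("symbol")
    return classes

def search_space(password):
    """Exhaustive-search size: (alphabet size) ** (length)."""
    alphabet = sum(POOLS[c] for c in char_classes(password))
    return alphabet ** len(password)

def audit(password):
    """Summarise one candidate: search space, bits, and deny-list hit."""
    space = search_space(password)
    return {
        "password": password,
        "search_space": space,
        "bits": round(math.log2(space), 1),
        "known_weak": password.lower() in KNOWN_WEAK,
    }

# The five candidates from the quiz slide, ranked by search space, largest first.
CANDIDATES = ["E56#av+Yb!", "Password123", "aaaaaAAAAA#####43", "123456", "lucasjames"]
RANKED = sorted((audit(p) for p in CANDIDATES), key=lambda r: r["search_space"], reverse=True)

if __name__ == "__main__":
    for row in RANKED:
        print(f'{row["password"]:<20} {row["search_space"]:.2e} {row["bits"]:>6} bits weak={row["known_weak"]}')
```

Password123 comes second on raw search space yet is caught by the deny-list, which is why the audit reports both values.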
#2. Remote desktop access
• Convenient and very common for providing remote support
• But, often poorly implemented with weak passwords
#3. Insecure wireless networks
• Wireless networks are convenient in retail environments, however when they’re poorly configured, they represent a huge security risk
• Data packets can be “sniffed” by nearby attackers
#4. Phishing, spear phishing & whaling
• Phishing is the sending of specially crafted emails to trick users into divulging sensitive information. For example:
“Click here to see the details of your order” -> (login page)
• Handling email in a retail setting can be very dangerous!
#5. Social engineering
• Social engineering means that gaining access to someone’s computer only needs to be as hard as gaining their trust!
• What do you give for a 10th wedding anniversary…?
“I could have got her to click on anything I wanted!”
• It’s about customer service vs customer honesty
#6. Physical disclosure
• Modern retail layouts often remove the traditional counter, exposing equipment to theft or tampering
• Disclosure of the makes and models, or other identifying labels, can also compromise retailers
• Physical loss is the no. 1 risk for secure mobile devices
Types of Attack
Malware and hacking are the most common attack methods used
by cybercriminals.
Common types of attack
Source: Verizon Data Breach Investigations Report 2012
Malware & Trojans
• Common varieties that cause general havoc include Fake Antivirus & ransomware
• Retail / POS specific – “RAM scrapers” (designed to exfiltrate transaction data)
• Remote control Trojan or Rootkit (designed to remain hidden for future access)
Hacking
• When combined with custom written malware, hacking is highly targeted and designed to avoid detection and remain in place for a long time
• In 2011, Verizon reported that 81% of incidents utilised some form of hacking
Solutions
You may be surprised that security solutions are often simple and
inexpensive.
The solutions are NOT expensive
Source: Verizon Data Breach Investigations Report 2012
Tips & suggestions
1. Use strong passwords and change the default ones
2. Secure remote access with strong authentication
3. All wireless networks should use “WPA” or “WPA2”
4. Avoid spam email – use an Anti-Spam solution
5. Increase staff awareness of social engineering tactics
6. Use endpoint protection on every device (antivirus and anti-malware) – AVG is a good choice!
Follow the money
• Cybercriminals tend to “follow the money”
• This means the types of attack are often predictable:
• Credit card data
• Private customer information
• Refund / returns policy
• Bank accounts
• Financial processes
Talk to your IT provider & stay in the loop!
• Ask them: “How are you keeping us secure?”
• Sign up to vendor notification / update lists
• Every six months, do a proper review of security
Thank you!
For even more information on retail security, visit:
avg.com.au/POS
avg.com.au
avg.co.nz
facebook.com/avgaunz
twitter.com/avgaunz