Is your Point of Sale machine protected against attacks?
There have been a lot of criminals that are interested in the Retailer’s POS machines due to the fact that there are so many credit cards that pass through these POS machines. One thing that makes it easy for thieves to rob is that these machines are not properly guarded. In fact, a lot of these machines are even setup incorrectly from the start – it’s not because of the POS vendor, but from the password they chose and not making any security updates.
Lately, there’s been news about a certain type of malware which has been found that is specifically made to break though the POS machine’s security. This certain malware is called, Win32/BrutPOS.A.
The focus of this BrutPOS is to brute-force its way into a POS machine using a variation of passwords that are overused in order to log in through its Remote Desktop Protocol (RDP). Up until this time, the origin of the malware is still in question and how it is being spread. Some speculate that it may have hidden itself under another program or malware. As soon as the security has been breached, the Trojan installs a “RAM Scaper” with a sole purpose of scraping all credit card information in the POS machine’s memory and then sends them back to the attacker via the FTP.
A lot of victims of these malware are small retail businesses. So for those with a POS machine, here are some tips to protect your systems from getting hacked by this type of malware and other forms of attacks.
- The use of strong passwords. It is always important and of utmost importance when choosing a strong password. You can see that most of these attacks have passwords that are non-secure and poor-choice passwords.
- Limit your login attempts. As soon as you have setup your strong login password, make sure that you have few logins to your machines – lock the machine when a certain number of incorrect attempts have been reached. The most common login tries is around 3-5 times. This helps in reducing any brute force attacks since the attackers are limited from trying more incorrect passwords.
- Limiting access. It is advisable to limit the access whenever possible to make sure that any attempts of attacks are minimized. If you are not remotely accessing your POS machine, then do not enable the RDP.
There are several ways to help protect your POS machine with the same measures that one would implement to protect other machines on the Internet. Remember also to keep your software updated especially when it comes to security software.
A lot of the business owner’s misconception when they have a POS machine is that, the security installed is enough to protect their business all through, but it’s not. It is part of the owner’s responsibility to update their POS time and time again when needed.
A good reminder for every small business owners for any machines that connect to the Internet, they should all be protected and kept safe from getting hacked.