Tech Company Sets Traps For Cyber Attackers Of Point of Sale Systems

Undetected Vulnerabilities Lay in Wait and Could Lead to Large Holiday Breaches According to Research Report

FREMONT, Calif., December 7, 2016— Attivo Networks®, the award-winning leader in deception for cyber security threat detection, issued a report today detailing severe vulnerabilities in the nation’s POS systems that could lead to large breaches during the Holiday shopping period and on into next year.  The report, based on primary research, shows how attackers are moving laterally undetected through networks, compromising asset management servers and then using them to plant malware on POS terminals for either timed or remote activation, creating the foundation for wide-scale credit card information theft.  Traditional security devices have proven to be ineffective in detecting an attacker’s lateral movement, in providing malware activation visibility between asset servers and POS terminals, and in accurately correlating attack forensic data according to the report.

The lack of visibility into POS attacks provides an environment where attackers can operate with as much time as they need to find and compromise a key asset such as an Active Directory or patch management server that will expose the POS payment processing gateways. Once identified, the attacker deploys malware through the patch-management software and then compromises the payment processing application using a RAM scraper as a final payload of the attack to steal and upload card data.  The report adds that once compromised it remains a constant challenge for organizations to have visibility into how widespread the attack may be and how to conclusively shut down these attacks.

It also points out that many of today’s POS devices are particularly vulnerable to malware since they run on older, unprotected Windows XP or even DOS based systems in which anti-virus is not available.  Additionally, in some cases, the patch management systems run in a trusted mode and there may

 not be anti-virus running at all. The report notes that having an endpoint security solution is not a fail safe way to prevent attacks because many of these attacks are targeted and originate from the endpoints using stolen credentials to breach the systems.

The report covers:

  • Details of the vulnerabilities and three cases of breach within large, regional and mid-sized retail organization
  • The anatomy and findings from these attacks
  • Recommendations for early attack visibility and detection

This was the first time deception technology has been used to provide visibility into a POS attack, as well as defeat it.  Researchers introduced deception technology into POS networks and found that creating lures and decoys could successfully trick attackers into revealing themselves through initial and ongoing attack phases. 

“With an approach based on attacker engagement, deception traps make a highly efficient and accurate method for detecting evasive advanced threats and their lateral movement.” comments Marc Feghali, co-founder of Attivo Networks.  “Early visibility into these threats and the reduction of dwell time can mean the difference between a minor incident or a wide scale public breach.  We found that deception changes the game and adds detection in the heart of the attacker operations. Early detection of attempts to compromise asset management servers, POS terminals and gateways is the key to stopping wide-scale attacks and the breaches we all too often read about.”

“Based on this research, we predict that in 2017 there will be a significant increase in reported POS attacks, largely due to the high probability that these systems have already been breached and attackers are already active throughout many networks today, undetected and unchecked,” concludes Tushar Kothari, CEO of Attivo Networks.  “There is a high likelihood that breaches during this Holiday period won’t be detected until well later in the year and unfortunately well after the cardholders have suffered the consequence of shopping for what will no longer feel like a good holiday deal .”

Resources: “Point-of-Sale System Attacks; the Role of Early Detection for Breach Prevention”

About Attivo Networks

Attivo Networks® is an award-winning leader in deception technology for real-time detection, analysis, and acceleration of incident response to cyber-attacks. The Attivo Threat Matrix™ Deception and Response Platform provides early detection of advanced, stolen credential, ransomware, and phishing attacks that are inside user networks, data centers, clouds, IoT and ICS-SCADA environments. By deceiving attackers into revealing themselves, comprehensive attack analysis is efficiently gathered, actionable alerts raised, and response actions automated with prevention system integrations.  As part of the continuous threat management platform, ThreatPath™ provides vulnerability assessment of attack paths for proactive incident prevention.  For more information, visit


More Point of sale news!

  1. Thanx Secures $17.1M Series B to Bring Big Data to Retail Merchants
  2. B2B Soft, Arzosoft Strike Partnership to Help Wireless Retailers Save Money and Recover Losses
  3. Ranking of Mobile POS Leaders in the Quick Service Restaurant Industry by DMI
  4. Revel Systems Expands Partnership with FreedomPay
  5. Shelfbucks Acquires Portfolio of Patents (electronic retail shelf labels)
  6. Hyperwallet Begins 24/7 Support Amidst Launch of New Austin Contact Center
  7. NGC Software Introduces New Advanced Quality Module and Interactive Quality Tablet
  8. Tlantic guarantees its presence in the Retail’s BIG Show (NRF), in New York #nrf17
  9. Eleven Consecutive Billion-Dollar Days of Online Desktop Spending from Thanksgiving
  10. Celerant Technology Tops the Retail Software Charts for 13 Years

The Point of Sale News (, now finishing its 7th year,  does not sell software, hardware, POS products or POS services – we are strictly focused on POS news, information and resources for business owners and managers.   Our background in POS systems goes back to 1983, and we’ve helped thousands of businesses get automated.  If you have a POS related question – or a suggestion for an article, feel free to email us (see Contact link at bottom of page) and we’ll  try to help.    If you are interested in submitting content or becoming a sponsor, please see the Footer menu below.  Thank you for visiting us!