Charles Leaver – Trump Hotels Were Breached Because Of Point Of Sale Vulnerabilities That Were Not Visible

Written By Matthew Fullard Presented By Charles Leaver CEO Ziften

Trump Hotels Point-of-Sale Susceptibility Emphasizes Need for Faster Detection of Anomalous Activity

Trump Hotels suffered a data breach between May 19th 2014 and June 2, 2015. The point of infection was malware, which infected their front desk computers, POS systems, and restaurants. However, in their own words, they state that they “did not discover any evidence that any consumer information was taken from our systems.” While it’s reassuring that no evidence was found, malware on POS systems is most likely there to steal the details of credit cards that are swiped or, increasingly, tapped, inserted, or waved. A lack of evidence does not mean that no crime took place, and to Trump Hotels’ credit, they have provided free credit monitoring services.

If you examine a Point-of-Sale (POS) system as an administrator, however, one thing stands out: these systems hardly ever change, and the software on them is nearly uniform across the deployment. This cuts both ways when securing such an environment. Software changes are slow to happen, need extensive testing, and are hard to roll out.

However, because such an environment is so homogeneous, it is also much easier to identify Point of Sale vulnerabilities when something has changed.

At Ziften we monitor all executing binaries and network connections within an environment the moment they occur. If a single Point of Sale system started making new network connections or running new software, regardless of intent, it would be flagged for further review and investigation. Ziften also collects unlimited historical data from your environment. If you want to know exactly what happened six to twelve months ago, that is not a problem. Dwell times and AV detection rates can now be determined using our integrated threat feeds, along with our binary collection and submission technology. Likewise, we’ll tell you which users launched which applications at what time across this historical record, so you can identify your initial point of infection.
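The baseline-and-flag idea described above, sketched as an added example (not Ziften's code and not part of the original post): anything seen on most of a homogeneous POS fleet is treated as normal, and everything else is reported with the host, user and time of its first appearance. The event fields, the 75% threshold, host names, hash placeholders and addresses are all constructed assumptions.

```python
from collections import defaultdict
from typing import NamedTuple

class Event(NamedTuple):
    ts: str      # ISO-8601 timestamp, so string order is time order
    host: str
    user: str
    kind: str    # "exec" (binary hash) or "conn" (remote endpoint)
    value: str

def build_baseline(events, min_fraction=0.75):
    """Items seen on at least min_fraction of hosts are the fleet norm.
    Using prevalence means one already-infected host cannot define 'normal'."""
    hosts = {e.host for e in events}
    seen_on = defaultdict(set)
    for e in events:
        seen_on[(e.kind, e.value)].add(e.host)
    return {item for item, h in seen_on.items()
            if len(h) / len(hosts) >= min_fraction}

def find_deviations(baseline, events):
    """Map each off-baseline item to the earliest event that introduced it."""
    first = {}
    for e in sorted(events):  # tuples sort by ts first
        item = (e.kind, e.value)
        if item not in baseline and item not in first:
            first[item] = e
    return first

# Constructed sample history: four identical terminals, one of which deviates.
HOSTS = ["pos-01", "pos-02", "pos-03", "pos-04"]
HISTORY = [Event("2015-01-05T08:00:00", h, "cashier", k, v)
           for h in HOSTS
           for k, v in (("exec", "sha256:POS_APP_PLACEHOLDER"),
                        ("conn", "10.0.5.10:443"))]
HISTORY += [
    Event("2015-03-03T02:20:00", "pos-02", "svc_backup", "exec", "sha256:UNKNOWN_PLACEHOLDER"),
    Event("2015-03-02T02:14:00", "pos-02", "svc_backup", "exec", "sha256:UNKNOWN_PLACEHOLDER"),
    Event("2015-03-02T02:15:00", "pos-02", "svc_backup", "conn", "203.0.113.7:8080"),
]

if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    for (kind, value), e in find_deviations(baseline, HISTORY).items():
        print(f"{kind} {value}: first seen {e.ts} on {e.host} by {e.user}")
```
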

POS issues continue to plague the retail and hospitality industries, which is a shame given how relatively straightforward such an environment is to monitor with detection and response.

 
