Symantec has warned that retail point-of-sale (POS) systems, which run on Windows XP Embedded or, in some instances, even Windows XP Professional, are at increased risk of attack after the operating system's April 8 end-of-life (EOL) deadline.
The security company notes that this older version of the operating system carries known vulnerabilities that leave it open to attack. Citing the EOL date of April 8, 2014, Symantec notes that Microsoft will stop providing patches for any new vulnerabilities discovered after the cutoff date, putting "POS operators under increased risk of a successful attack and POS operators should already have mitigation plans in place to meet this coming deadline."
Symantec notes that because POS systems run Windows Embedded, malware developers can recode their existing warez to make it compatible with POS. Attackers would not need many advanced programming techniques to target POS systems.
Symantec listed accessibility, lack of point-to-point encryption (P2PE), software vulnerabilities, susceptibility to malicious code, and slow adoption of EMV (Europay, MasterCard and Visa) as some of the security issues surrounding POS systems.
The report notes that attackers need not target POS systems directly: corporate networks connected to these systems can serve as gateways to them. Retailers are required to comply with the Payment Card Industry (PCI) Data Security Standard (DSS), but the standard does not explicitly state isolation requirements, and this is where doorways to POS systems open up through the corporate network.
Further, the lack of P2PE leaves card data and transaction data vulnerable to scraping in transit and even while in memory. This is what happened in the case of the Target breach, where the installed malware was known to steal data while it was still in memory.
Implementation of network segmentation, encryption, updated security software, intrusion prevention systems, strong two-factor authentication, and monitoring of network and data access systems are some of the practical mitigation steps that Symantec recommends.
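The memory-exposure point above (cleartext track data sitting in a POS process when P2PE is absent) is the kind of thing a defender can verify rather than assume. The following is an added example, not code from the Symantec report or from any POS vendor: a small PCI-style cleartext card-data check that scans a byte buffer for Luhn-valid primary account numbers and track-2 records, run over two constructed buffers, one mimicking a non-P2PE terminal (cleartext track data) and one mimicking a P2PE terminal (only an opaque encrypted blob and key serial number). The buffers, the test PAN `4111111111111111`, and the `ENC:`/`KSN:` fields are all constructed placeholders; the scanner logic itself is the standard regex-plus-Luhn approach used by card-data discovery tools.

```python
import re

# Constructed sample: the sort of buffer a POS process holds when a card is
# read without point-to-point encryption. The PAN is a public test number.
PLAINTEXT_BUFFER = (
    b"\x00\x00TRANSACTION 0042 "
    b"%B4111111111111111^DOE/JOHN^2512101?"   # track-1-style record (constructed)
    b"\x00\x00;4111111111111111=2512101?\x00"  # track-2-style record (constructed)
)

# With P2PE the reader encrypts track data before it reaches the POS
# application, so the same transaction only leaves an opaque blob plus a
# key serial number in memory. Both values are constructed placeholders.
P2PE_BUFFER = (
    b"\x00\x00TRANSACTION 0042 "
    b"ENC:9f2a7b11c0de44a1b2c3d4e5f6a7b8c9 KSN:FFFF9876543210E00001\x00"
)


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check used to separate real PANs from random digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


# 13-19 digit runs not embedded in a longer digit run (typical PAN lengths)
PAN_RE = re.compile(rb"(?<!\d)(\d{13,19})(?!\d)")
# ISO 7813 track-2 layout: ';' PAN '=' YYMM expiry ...
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})")


def find_card_data(buf: bytes) -> dict:
    """Report Luhn-valid PANs and track-2 records found in cleartext in buf."""
    pans = {
        m.group(1).decode()
        for m in PAN_RE.finditer(buf)
        if luhn_ok(m.group(1).decode())
    }
    track2 = [
        (m.group(1).decode(), m.group(2).decode())
        for m in TRACK2_RE.finditer(buf)
    ]
    return {"pans": sorted(pans), "track2": track2}


def cleartext_card_data_present(buf: bytes) -> bool:
    """True if the buffer would fail a 'no cleartext card data in memory' check."""
    found = find_card_data(buf)
    return bool(found["pans"] or found["track2"])


if __name__ == "__main__":
    for name, buf in (("non-P2PE", PLAINTEXT_BUFFER), ("P2PE", P2PE_BUFFER)):
        print(name, find_card_data(buf), "exposed:", cleartext_card_data_present(buf))
```

The same scan applied to a real process memory dump or a packet capture is a practical way to check whether a P2PE deployment actually removes cleartext card data from the POS host and its network path, which is the property the report's encryption and monitoring recommendations are meant to deliver.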
[Source: Symantec, Special report on Attacks on Point of Sales Systems]