Happy New Year federal friends! I hope each and every one of you have had a great holiday season with your families and friends. I know I had a nice quiet week off, until Hercules dropped some snow and most of us were slapped in the face with a nice Polar Vortex session. Now it's time to hop back on the horse and charge head first into 2014.
In the wake of the massive Target breach that ended 2013, DHS has started 2014 off with a nice shot across the bow for anyone using POS systems and any organization utilizing them. The alert, TA14-002A, is specifically around Malware affecting these POS systems and does not highlight specific brands, but the space as a whole. Immediate steps were laid out in the alert and I have listed them here. If your org. is utilizing any POS system I highly suggest talking a look at the steps below and checking your systems ASAP.
- Use Strong Passwords: During the installation of POS systems, installers often use the default passwords for simplicity on initial setup. Unfortunately, the default passwords can be easily obtained online by cybercriminals. It is highly recommended that business owners change passwords to their POS systems on a regular basis, using unique account names and complex passwords.
- Update POS Software Applications: Ensure that POS software applications are using the latest updated software applications and software application patches. POS systems, in the same way as computers, are vulnerable to malware attacks when required updates are not downloaded and installed on a timely basis.
- Install a Firewall: Firewalls should be utilized to protect POS systems from outside attacks. A firewall can prevent unauthorized access to, or from, a private network by screening out traffic from hackers, viruses, worms, or other types of malware specifically designed to compromise a POS system.
- Use Antivirus: Antivirus programs work to recognize software that fits its current definition of being malicious and attempts to restrict that malware's access to the systems. It is important to continually update the antivirus programs for them to be effective on a POS network.
- Restrict Access to Internet: Restrict access to POS system computers or terminals to prevent users from accidentally exposing the POS system to security threats existing on the internet. POS systems should only be utilized online to conduct POS related activities and not for general internet use.
- Disallow Remote Access: Remote access allows a user to log into a system as an authorized user without being physically present. Cyber Criminals can exploit remote access configurations on POS systems to gain access to these networks. To prevent unauthorized access, it is important to disallow remote access to the POS network at all times.
As I've noted for the past few weeks, Rapid7 is hitting the road and will be in DC on Feb. 11th for our FREE "Security at the Crossroads" seminar. This is a half day of discussions from various industry experts followed by a FREE session of Metasploit Tips and Tricks. if you are in the area and looking to attend follow this link to the DC specific show. I will be in attendance, (bonus!) along with some of my colleagues from the various Rapid7 offices. I am excited to meet and connect with those that have already signed up and let me know if you read the blog and any suggestions for future write-ups!