Hospitality sector and restaurant chains become easy targets of PoS malware; here’s a look at some major attacks in 2019

• Point-of-Sale malware is often successful in infecting devices due to poor security controls.
• Catch Hospitality Group, announced recently that its restaurants Catch NYC and Catch Roof were compromised from March 19 through October 17 of this year.

Point of sale (PoS) systems are payment devices that are used at almost any store. Depending on the number of purchases or bookings, these machines have eased the job of retailers by simplifying the money collection process. Recently, they have been modified to allow customers to swipe a credit card, insert a chip-based card or tap a card or their mobile device in order to ease the process of payment.

Along with good things come the bad and PoS systems are no exception. While these internet-connected devices have simplified the payment process for retailers, they have also opened doors for new threats from cybercriminals.

The common attack method

PoS malware designed to steal information on payment cards from PoS systems has become a common cybercrime against the hospitality sector and restaurant chains.

To initiate an attack, malware such as TinyPoS and DMSniff are deployed on a PoS terminal of the targeted organization. Later the malware steals the information entered on the terminal and transmits it to a cybercriminal via the internet.

Look back to PoS attacks from 2019

Mexican restaurant chain ‘On The Border’ was compromised after attackers accessed payment card details of customers through malware installed on payment processing systems at some of its locations. The incident occurred between April 10 and August 10, 2019. The compromised information included customers’ names, credit card numbers, expiration dates, and verification codes.

Catch Hospitality Group, announced that its restaurants Catch NYC and Catch Roof were compromised from March 19 through October 17 of this year. The PoS malware used in the attack was capable of obtaining payment card information including the name of the cardholder as well as the card numbers, expiration date, and internal verification code.

Four restaurant chains in the U.S - McAlister’s Deli, Moe’s Southwest Grill, Schlotzsky’s, and Hy-Vee - had suffered payment card theft after hackers compromised their payment systems using PoS malware. The attack had occurred between April 29, 2019, and July 22, 2019.

North Country Business Products (NCBP), a Minnesota-based provider of PoS products announced a massive breach that affected nearly 140 bars, restaurants, and coffee shops across the US. The PoS malware used in the attack was designed to harvest cardholder name, credit card number, expiration date, and CVV.

Protection against PoS malware

• Point of Sale malware is often installed on a device due to poor security controls such as unpatched vulnerabilities or weak credentials. Fixing these vulnerabilities in an important step in protecting against point-of-sale malware.
• Implementing process whitelisting also helps retailers to ensure that no unauthorized/malicious programs can be executed on the machine without detection. In addition to this, retailers should also implement IP/domain whitelisting at the network firewall to block malicious traffic attempting to install PoS malware.
• Code signing is an effective approach in the macOS ecosystem. This can help companies using macOS systems to run only executable signed by an Apple-issued key.