{"id":631,"date":"2015-05-14T01:00:28","date_gmt":"2015-05-14T08:00:28","guid":{"rendered":"http:\/\/sintelsystemspos.com\/?p=631"},"modified":"2015-05-05T10:42:52","modified_gmt":"2015-05-05T17:42:52","slug":"breaking-point-of-sale","status":"publish","type":"post","link":"https:\/\/sintelsystemspos.com\/es\/breaking-point-of-sale\/","title":{"rendered":"Breaking Point Of Sale"},"content":{"rendered":"<p><a href=\"https:\/\/www.sintelsystems.com\/wp\/wp-content\/uploads\/2014\/05\/iStock_000014214548Small.jpg\"><img fetchpriority=\"high\" decoding=\"async\" class=\"alignleft size-medium wp-image-8177\" src=\"https:\/\/www.sintelsystems.com\/wp\/wp-content\/uploads\/2014\/05\/iStock_000014214548Small-300x199.jpg\" alt=\"Computer security concept\" width=\"300\" height=\"199\" \/><\/a>As news about point of sale data breaches continues unabated, it is perhaps worthwhile to consider the issue from the criminal&#8217;s point of view.<\/p>\n<p>One such example is a slideshow prepared by Russ Spitler, vice president of product management at\u00a0the security management firm AlienVault, and part of a post on the website ITBusinessEdge.com, \u00abFrom a Hacker&#8217;s Perspective: How to Breach a Point-of-Sale System.\u00bb<\/p>\n<p>Spitler breaks everything down step-by-step as to what a criminal would have to do in order to breach a point of sale (POS) system.<\/p>\n<p>As the only full-service point of sale provider \u2014 from software development to franchise incubator to ongoing support \u2014 part of Sintel&#8217;s commitment to our customers and business community is to share relevant ideas, information and industry news.<\/p>\n<p>In their introduction, ITBusinessEdge.com notes that, according to the Identity Theft Resource Center, over 500 data breaches have been reported this year in the U.S., representing an increase of 27.5 percent over the same period last year.<\/p>\n<p>Here are the highlights of Spitler&#8217;s informative slideshow, \u00abHacking A POS 
System\u00bb:<\/p>\n<p><b>Launch a Broad-Based Attack <\/b>against a known vulnerability using a watering hole. This is the most common technique used to compromise popular websites. Criminals use an \u00abexploit kit\u00bb to target known vulnerabilities in the operating systems and browsers used to access the targeted website. In the case of Home Depot, a vendor of the company was targeted first in order to ultimately gain access to Home Depot&#8217;s servers.<\/p>\n<p><b>Run a First-Level Analysis <\/b>of the compromised systems. \u00abThe hackers will then look at what types of machines they&#8217;ve gained access to, what software is installed, what their IP addresses are, and what email addresses are being used,\u00bb Spitler writes.\u00a0\u00abThis analysis is done to see what assets have been brought in by the &#8216;net&#8217; of the broad-based attack.\u00bb<\/p>\n<p><b>Identify Viable Targets <\/b>for a breach. Once the assets have been obtained, the criminals will likely then move to see if there were any major or minor retailers among the data gained from the attack. Spitler believes the criminals will then typically pick the biggest retailer and start working toward their objectives \u2014 compromising the corresponding point of sale terminals.<\/p>\n<p><b>Pivot Your Attack <\/b>within the corporate network and perform reconnaissance on the network to identify and execute on the machines and systems it can access.<\/p>\n<p><b>Target Known Vulnerabilities, <\/b>systematically move on your objectives and identify ways to access the point of sale terminals. \u00abIn the Target scenario, it was a relatively open network, so this was a very simple task,\u00bb Spitler writes. 
\u00abEither way, once the POS terminal points are identified, hackers will target a known vulnerability in the system and install the memory-scraping malware that harvests credit card information.\u00bb<\/p>\n<p><b>Exfiltrate the Harvested Data <\/b>to move the credit card information from the point of sale terminals to a location of the criminal&#8217;s choosing. In the Target scenario, this was an FTP server in Eastern Europe, after which the data became available on the black market.<\/p>\n<p>Spitler advises AlienVault clients to mitigate attacks by identifying the security technologies deployed and defending them using techniques for mitigating the increasing number of attacks. His firm advocates threat intelligence sharing as a key component for being alerted to and staying ahead of attacks. He closes the slideshow by saying, \u00abIf more companies widely share the threat data they have, it&#8217;s likely to help prevent hackers from being able to breach a system and share your own personal data.\u00bb<\/p>\n<p>Read Russ Spitler&#8217;s full ITBusinessEdge.com post <a href=\"http:\/\/www.itbusinessedge.com\/slideshows\/from-a-hackers-perspective-how-to-breach-a-point-of-sale-system.html\">here<\/a>.<\/p>\n<p>For more insights into point of sale security, check out our related posts,\u00a0<a href=\"http:\/\/www.sintelsystems.com\/blog\/2014\/08\/backoff-tracking-memory-taking-credit\/\">\u00abBackoff\u00bb Tracking Memory, Taking Credit<\/a>, <a href=\"http:\/\/www.sintelsystems.com\/blog\/2014\/08\/secure-payments-pay-piper\/\">Secure Your Payments, Or Pay The Piper<\/a>, <a href=\"http:\/\/www.sintelsystems.com\/blog\/2014\/09\/loving-memory-credit-card-data\/\">In Loving Memory Of Your Credit Card Data<\/a>, and <a href=\"http:\/\/www.sintelsystems.com\/blog\/2014\/09\/infostealer-rawpos-trojan-hides-covers-tracks\/\">The \u00abinfostealer.rawpos\u00bb Trojan Hides, Covers Tracks<\/a>.<\/p>\n<p>Just as Sintel shares our vast point of sale experience and 
expertise with startup owners in order to help them make the best decisions from the very beginning, we are happy to share articles, advice and commentary about retail point of sale and security.<\/p>\n<p>Whether you&#8217;re a first-time franchise hopeful, a small business owner or an established chain, it&#8217;s always smart to stay on top of the latest point of sale best security practices to achieve financial success.<\/p>\n<p>If you are interested in learning more about Sintel\u2019s point of sale systems and how our knowledge and support can impact your future success, call us for a complimentary phone consultation.<\/p>\n<p><a href=\"http:\/\/www.sintelsystems.com\/\">Sintel Systems<\/a>\u00a0is the only direct to end user full-service provider of tailored point of sale systems across retail, restaurant and service industries, including\u00a0<a href=\"http:\/\/www.sintelsystems.com\/point-of-sale\/food-service\/frozen-yogurt\">frozen yogurt shops<\/a>,\u00a0<a href=\"http:\/\/www.sintelsystems.com\/point-of-sale\/food-service\/pizza\">pizzerias<\/a>,\u00a0<a href=\"http:\/\/www.sintelsystems.com\/point-of-sale\/food-service\/sushi\">sushi restaurants<\/a>,\u00a0<a href=\"http:\/\/www.sintelsystems.com\/point-of-sale\/food-service\/coffee-126\">caf\u00e9s<\/a>\u00a0and\u00a0<a href=\"http:\/\/www.sintelsystems.com\/point-of-sale\/retail\">retail stores<\/a>.<\/p>\n<p>As a single source for business solutions, our experienced, knowledgeable team negotiates the complex POS landscape for you to enable you to find the right POS system for your business and budget.\u00a0<a href=\"http:\/\/www.sintelsystems.com\/point-of-sale\/pos-supplies\/hardware\">Hardware<\/a>\u00a0&#8211;\u00a0<a href=\"http:\/\/www.sintelsystems.com\/point-of-sale\/pos-supplies\/software\">Software<\/a>\u00a0&#8211;\u00a0<a href=\"http:\/\/www.sintelsystems.com\/catalog\/category\/view\/id\/534\">Support<\/a><\/p>\n<p>Questions or Comments:\u00a0<a 
href=\"http:\/\/www.sintelsystems.com\/contacts\">Contact us<\/a>\u00a0855-POS-SALES\u00a0<a href=\"http:\/\/www.SintelSystems.com\">www.SintelSystems.com<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>As news about point of sale data breaches continues unabated, it is perhaps worthwhile to consider the issue from the criminal&#8217;s point of view. One such example is a slideshow prepared by Russ Spitler, vice president of product management at\u00a0the security management firm AlienVault, and part of a post on the website ITBusinessEdge.com, \u00abFrom a [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":{"0":"post-631","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-uncategorized","7":"czr-hentry"},"_links":{"self":[{"href":"https:\/\/sintelsystemspos.com\/es\/wp-json\/wp\/v2\/posts\/631","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sintelsystemspos.com\/es\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sintelsystemspos.com\/es\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sintelsystemspos.com\/es\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/sintelsystemspos.com\/es\/wp-json\/wp\/v2\/comments?post=631"}],"version-history":[{"count":1,"href":"https:\/\/sintelsystemspos.com\/es\/wp-json\/wp\/v2\/posts\/631\/revisions"}],"predecessor-version":[{"id":632,"href":"https:\/\/sintelsystemspos.com\/es\/wp-json\/wp\/v2\/posts\/631\/revisions\/632"}],"wp:attachment":[{"href":"https:\/\/sintelsystemspos.com\/es\/wp-json\/wp\/v2\/media?parent=631"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sintelsystemspos.com\/es\/wp-json\/wp\/v2\/categories?post=631"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sintelsystemspos.com\/e
s\/wp-json\/wp\/v2\/tags?post=631"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}