Chuck Leaver – Trump Hotel Breach Was Due To Lack Of Visibility Of Point Of Sale Vulnerabilities

Written by Matthew Fullard. Presented by Chuck Leaver, CEO, Ziften.

Trump Hotels Point of Sale Vulnerabilities Emphasize Requirement for More Rapid Detection of Anomalous Activity

Trump Hotels suffered a data breach between May 19th 2014 and June 2, 2015. The point of infection was malware, which infected their front desk computers, point of sale systems, and dining establishments. However, in their own words, they claim that they “did not discover any proof that any customer information was removed from our systems.” While it’s reassuring to learn that no proof was found, malware on POS systems is most likely there to take information from the payment cards that are swiped or, increasingly, tapped, inserted, or waved. An absence of evidence does not imply the absence of criminal activity, and to Trump Hotels’ credit, they have provided complimentary credit monitoring services.

Look at Point of Sale (POS) systems as an administrator, however, and you’ll notice one thing above all: they rarely change, and the software is almost uniform throughout the deployment. This presents both positives and negatives when it comes to protecting such an environment. Software changes are slow to happen, require rigorous testing, and are challenging to roll out.

However, because such an environment is so homogeneous, it is also much easier to recognize Point of Sale vulnerabilities and to see when something has changed.

At Ziften we monitor all executing binaries and network connections within an environment the second they take place. If a single POS system started to make new network connections, or started running new software, regardless of its intent, it would be flagged for additional review and assessment. Ziften also gathers unlimited historical data from your environment. If you want to know exactly what happened six to 12 months ago, this is not a problem. Dwell times and AV detection rates can now be measured using our integrated risk feeds, along with our binary collection and submission technology. We’ll also tell you which users executed which applications at what time throughout this historical record, so you can find your initial point of infection.
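The baseline-and-deviation idea described above, as an added sketch that is not Ziften's code: it treats anything seen on most of a uniform POS fleet as normal, flags everything else, and reads the earliest host and user off the historical record. All host names, users, binary names, and addresses are constructed sample data, and the 80% threshold is an assumption.

```python
from collections import defaultdict

# Constructed telemetry: (timestamp, host, user, kind, value).
# kind is "exec" (binary name, standing in for a file hash) or "conn" (dest:port).
BASELINE = [
    ("2024-01-05T08:00", "pos-01", "svc_pos", "exec", "pos_client.exe"),
    ("2024-01-05T08:00", "pos-02", "svc_pos", "exec", "pos_client.exe"),
    ("2024-01-05T08:00", "pos-03", "svc_pos", "exec", "pos_client.exe"),
    ("2024-01-05T08:01", "pos-01", "svc_pos", "conn", "payments.example.internal:443"),
    ("2024-01-05T08:01", "pos-02", "svc_pos", "conn", "payments.example.internal:443"),
    ("2024-01-05T08:01", "pos-03", "svc_pos", "conn", "payments.example.internal:443"),
    ("2024-01-06T09:30", "pos-02", "tech1", "exec", "printer_diag.exe"),  # one-off
]
LIVE = [
    ("2024-02-10T02:14", "pos-03", "frontdesk2", "exec", "updater32.exe"),
    ("2024-02-10T02:15", "pos-03", "frontdesk2", "conn", "203.0.113.7:8080"),
    ("2024-02-10T08:00", "pos-01", "svc_pos", "exec", "pos_client.exe"),
    ("2024-02-11T03:02", "pos-01", "svc_pos", "exec", "updater32.exe"),
]

def build_baseline(events, min_fraction=0.8):
    """Return the (kind, value) items seen on at least min_fraction of hosts."""
    hosts_by_item = defaultdict(set)
    all_hosts = set()
    for _ts, host, _user, kind, value in events:
        hosts_by_item[(kind, value)].add(host)
        all_hosts.add(host)
    return {item for item, hosts in hosts_by_item.items()
            if len(hosts) / len(all_hosts) >= min_fraction}

def flag_deviations(baseline, events):
    """Group events whose item is not fleet-standard, oldest first."""
    flagged = defaultdict(list)
    for event in sorted(events):  # ISO timestamps sort chronologically
        item = (event[3], event[4])
        if item not in baseline:
            flagged[item].append(event)
    return dict(flagged)

def first_seen(flagged, item):
    """Earliest (timestamp, host, user) for a flagged item: candidate initial infection point."""
    ts, host, user, _kind, _value = flagged[item][0]
    return ts, host, user

if __name__ == "__main__":
    flagged = flag_deviations(build_baseline(BASELINE), LIVE)
    for item, events in flagged.items():
        print(item, "first seen", first_seen(flagged, item),
              "hosts", sorted({e[1] for e in events}))
```

The one-off `printer_diag.exe` run stays out of the baseline because it appeared on a single host, so a rare event during the learning window does not become "normal" for the fleet.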

Point of Sale issues continue to afflict the retail and hospitality industries, which is a pity given how uncomplicated these environments are to monitor with detection and response.