Cyber security


“The post-Thanksgiving shopping frenzy will be Christmas come early for cybercriminals already gearing up for a mass credit-card haul on Black Friday, Small Business Saturday and Cyber Monday, a Check Point Software Technologies executive told IBD.

And if retailers haven’t already fortified their digital bulwarks, customer data are at risk as point-of-sale breaches skyrocket.

“There are retailers already compromised right now … they just don’t know it,” said Daniel Wiley, head of security for Check Point (NASDAQ:CHKP). “The reality is the attackers are already ready to go.”

Retail payment terminals are often shipped Wi-Fi-capable and with default passwords, opening a witch’s brew of hacking possibilities, Gary Miliefsky, CEO of privately held security vendor SnoopWall, told IBD.

“They are becoming Internet devices,” he said.

Between 2013 and 2014, point-of-sale breaches doubled, he said. Target (NYSE:TGT) had a breach of some 40 million credit card numbers during a 19-day, post-Thanksgiving 2013 assault. Last year, Home Depot (NYSE:HD) had a whopping 56 million credit card numbers compromised in a breach.

More recently, Hilton Worldwide (NYSE:HLT) and Starwood Hotels & Resorts Worldwide (NYSE:HOT) put guests on alert that malware could have stolen cardholder names, card numbers, security code and expiration dates. Both hotels are now scrubbing their systems ahead of the holiday rush.

ISight Partners, which discovered the Hilton malware, called it “the most sophisticated point-of-sale malware we have seen to date.” ModPOS, which stands for modular point-of-sale, was written in 2012 and potentially has Eastern European ties.

The malware places “a very heavy emphasis on obfuscation and persistence” and went undetected for years, iSight wrote in a paper.

“In a nutshell, this is not your daddy’s run-of-the-mill cybercrime malware,” iSight wrote.”