Attacks Against Point of Sale Machines on the Rise
Myth: If I don't own a computer, I don't have to worry about cyber security.
Fact: Cyber Security affects everyone, even those without computers.
Did you know that you could become a victim of a cyber crime without ever owning a computer or smart phone?
Over just the past two years, cyber attacks against Point of Sale machines have drastically increased. What initially started as a collection of isolated incidents has quickly grown into a continuous stream of attacks against major retailers.
Cyber criminals have learned that it's much easier to attack the Point of Sale machines directly, instead of attacking the databases retailers use to store payment information. This means an increased threat to consumers and merchants.
Interestingly enough, looking at previous years' attacks, most attacks against Point of Sale occur between November 1 and December 25. Why? Because these are the busiest shopping days for the Christmas season. Cyber criminals will intentionally target these dates to obtain the largest number of credit/debit cards possible. Unfortunately, until PCI-DSS standards are revised to require more strict security requirements for Point of Sale machines, consumers will continue to be at risk.
Fortunately there are steps consumers can take to reduce their risk this holiday season.
1) Shop using cash, or a major credit card (NOT a bank card). Using cash is safest, but may not be practical for expensive purchases. Most, if not all, major credit cards offer fraud protection - meaning if your card number is stolen through a Point of Sale attack, you won't be liable for fraudulent charges. While most bank debit cards offer the same protection, it may take an extended time period to refund fraudulent charges - which means if your bank account is drained by a cyber criminal, you may be unable to pay your bills until the matter is resolved!
2) Avoid ATMs at gas stations and malls, and take notice if your regular ATM suddenly changes. ATM "skimmers" are increasingly popular with criminals, and allow criminals to create complete duplicates of your ATM card, complete with your PIN.
Protecting your Computer in the 21st Century - You Are a Target!
Myth: There isn't anything worth stealing on my computer.
Fact: Anyone who uses a computer has sensitive data stored somewhere on their system.
If you do own a computer, your computer is more valuable to a cyber criminal than you think. Do you perform any online shopping or banking? Do you email or chat with friends? Any of these activities could be of interest to a cyber criminal. If your computer is not properly protected, it will be compromised within minutes of connecting to the internet. Despite the large size of the internet, cyber criminals are constantly scanning looking for new systems to attack.
Myth: The internet is so big that nobody would ever single out my computer and/or online accounts.
Fact: Hackers use automated systems to continually probe the Internet and find unsecured computers.
In an experiment conducted by USA TODAY in 2004 - an unprotected computer on the Internet survived only four minutes before being completely compromised by an attacker. A total of over eight thousand attacks per day were recorded against a Windows XP system during the experiment.
On my own honeypot systems, I have conducted similar experiments, with very similar results.
Once compromised, malware infected systems not only "phone home" with any sensitive data (passwords, credit card numbers, etc.), but also begin scanning the rest of the internet to further the infection. By not protecting your computer system, you put your own personal information, as well as the personal information of others, at risk.
Even Deleting All Personal Data from Your Computer Won't Prevent Data Theft
Myth: I deleted all my sensitive information from my computer, so I'm safe now.
Fact: Files deleted from a computer can be easily recovered. Additionally, data can be obtain by looking at active memory, or from online activity.
Even when data is deleted from a hard disk, it can typically be recovered with very simple techniques and software. This further reinforces the need to protect your computer through firewall and antivirus software - because the cyber criminals know how to leverage these techniques. If you ever want to sell or dispose of an old computer, consider physical destruction of the hard disk - if you're not comfortable doing this yourself, a local computer repair shop may be able to assist.
Data can be also easily obtained through "RAM scraping" - looking at the contents of active memory, instead of what's on the hard disk. This technique allows attackers to obtain a live stream of everything which happens on your computer - from shopping on your favorite website to uploading a picture to your email or social network site. And remember - once you upload something or enter data into a website - it's stored forever, somewhere.
Protecting the Your PC is EXTREMELY Important
Myth: Firewalls and antivirus are sufficient for protecting my computer.
Fact: System software must be updated regularly to ensure the latest security measures are in place.
In closing, it's extremely important to make sure your computer is properly protected. I recently had the opportunity to help educate Sam's Club members of the importance of being safe online through my "Safe Online Checklist" and "PC Security Resources" handouts during Hagerstown, MD Sam's Club's "Safety Day". Also present were the Hagerstown Fire Department, as well as a company providing free child ID kits and fingerprinting. One of the most important questions the Fire Department asked was "Do you have smoke detectors in your home?" followed by "Do they work?". Similar questions should be asked of home computer systems. Does your computer have antivirus and firewall software installed? Is it up to date?
Much like a smoke detector with a dead battery, without being up to date, firewall and antivirus software is completely useless. If your antivirus software's subscription expired - feel free to switch to one of the free alternatives listed in my "PC Security Resources" handout.