A recent article in Inc. highlights the risks of swiping your credit card at the gas pump. Visa, the credit company, issued a security warning to alert customers to the threat posed by a hacking group called FIN8: “The hackers are exploiting a weakness in gas station point-of-sale networks that allow the hackers to remotely obtain credit card information from gas pumps.” They use scraping software to steal unencrypted credit card information that is transmitted when the gas pump card reader uses only the magnetic stripe and not a chip or PIN.
The Visa security alert notes, “It is important to note that this attack vector differs significantly from skimming at fuel pumps. The targeting of POS systems requires the threat actors to access the merchant’s internal network which takes more technical prowess than skimming attacks. Fuel dispenser merchants should take note of this activity and deploy devices that support chip wherever possible, as this will significantly lower the likelihood of these attacks.”
The challenge here, for many gas station operators, is the cost to switch to POS terminals that support credit card chip technology. This cost is estimated to be upwards of $250,000.
The Visa security alert lays out several recommended actions for merchants to mitigate the threat from these types of attacks. Alongside these recommendations, we note where Kaseya solutions can help implement them.
- Employ the IOCs (indicators of compromise) contained in the report to detect, remediate, and prevent attacks using the POS malware variant.
- Secure remote access with strong passwords, and ensure only the necessary individuals have permission for remote access. Disable remote access when not in use, and use two-factor authentication for remote sessions.
  - Kaseya VSA, our endpoint management and remote monitoring solution, allows you to control access by user role and scope. It also provides 1-Click access to allow authorized technicians to remotely access endpoints without having to know or manage credentials. VSA generates admin-level credentials on-the-fly and discards them once the session is completed.
- Enable EMV technologies for secure in-person payments (chip, contactless, mobile and QR code).
- Provide each admin with their own user credentials. User accounts should be given only the permissions vital to their job responsibilities.
- Turn on heuristics (behavioral analysis) on antimalware to search for suspicious behavior, and update antimalware applications.
  - Kaseya VSA is integrated with leading antivirus and antimalware tools such as Bitdefender and Malwarebytes. Manage AV/AM deployments from a single pane of glass in your endpoint management solution.
- Monitor network traffic for suspicious connections, and log system and network events.
  - Traverse is Kaseya’s solution for advanced network performance monitoring and management. It has a built-in event manager that collects, filters, categorizes, and displays a variety of events such as SNMP traps, Windows events, and syslog messages. Traverse is integrated with VSA to provide visibility of network information, such as network topology maps, in VSA.
- Implement network segmentation, where possible, to prevent the spread of malicious software and limit an attacker’s foothold.
- Maintain a patch management program and update all software and hardware firmware to the most current release to limit the attack surface for zero-day vulnerabilities.
  - Kaseya VSA automates software patch management to ensure all of your endpoints are up to date with the latest patches, including critical security patches.
Maintaining security for your business and your customers is a critical but highly challenging task. Stay one step ahead of hackers by implementing these recommendations.