From unsecured POS terminals to Identity Theft
Posted by Mario Vuksan on Tue, Jul 29, 2008
It is amazing that all of the recent attacks against Point of Sale (POS) terminals share similar parameters -- these attacks were carried out by unauthorized applications that do the dirty work. 73% of attacks come from outside of the organization, with Eastern European attackers focusing on getting to the data available through our POS systems. A full Verizon Business report is available, summarizing some 500 data breach investigations that the company has done over the past few years. The majority of the attacks use a "foothold" -- a Trojan, bot or a persistent exploit -- to grab the data.
More disturbing is the finding in the recent Identity Theft Resource Center report that 82 percent of victims learned about the breach from their creditors or, worse, collection agencies. Going down the path of shame -- 62 percent of the respondents to the ITRC survey reported that thieves had committed crimes, such that warrants were issued in the victim's name. That should really be a rallying call for all of us.
The interesting thing is that most of these attacks could have been prevented by simply locking down the perimeter servers or Point of Sale terminals that are used as entry points to the network.
One of the new ways to do this is to employ Application Whitelisting, which can clearly articulate what types of software are trusted, e.g. signed by your department or your trusted set of vendors, so only those trusted applications are allowed to run.
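To make the whitelisting decision concrete, here is a small default-deny policy check. It is an added example, not code from the original post or from any product. The signer names, paths and file contents are constructed, and the `verified_signer` field assumes the operating system has already validated the code signature.

```python
import hashlib
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Executable:
    path: str
    content: bytes                  # file bytes (constructed sample data below)
    verified_signer: Optional[str]  # publisher from an already-verified signature, else None

@dataclass(frozen=True)
class Policy:
    trusted_signers: frozenset      # publishers you trust (your department, chosen vendors)
    trusted_hashes: frozenset       # SHA-256 of individually approved unsigned binaries

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def decide(policy: Policy, exe: Executable):
    """Return (allowed, reason). Anything not explicitly trusted is denied."""
    if exe.verified_signer in policy.trusted_signers:
        return True, "trusted signer: " + exe.verified_signer
    if sha256_hex(exe.content) in policy.trusted_hashes:
        return True, "approved hash"
    return False, "not on allowlist"

def blocked(policy: Policy, executables):
    """Paths that would be refused execution under the policy."""
    return [e.path for e in executables if not decide(policy, e)[0]]

# Constructed sample data for a hypothetical POS terminal.
LEGACY_DRIVER = b"unsigned receipt printer driver v1"
POLICY = Policy(
    trusted_signers=frozenset({"Example Retail IT", "Example POS Vendor"}),
    trusted_hashes=frozenset({sha256_hex(LEGACY_DRIVER)}),
)
SAMPLES = [
    Executable(r"C:\POS\pos.exe", b"pos app", "Example POS Vendor"),
    Executable(r"C:\POS\printer.sys", LEGACY_DRIVER, None),
    # A modified copy of the approved driver: the hash no longer matches.
    Executable(r"C:\POS\printer.sys.new", LEGACY_DRIVER + b"\x90patched", None),
    Executable(r"C:\Temp\svch0st.exe", b"unknown binary", None),
    Executable(r"C:\Temp\tool.exe", b"signed, wrong publisher", "Unknown Publisher Ltd"),
]

if __name__ == "__main__":
    for exe in SAMPLES:
        print(exe.path, decide(POLICY, exe))
```

Note that the file path plays no part in the decision: trust comes only from the verified publisher or the exact content hash, so an unknown binary is refused wherever it is placed.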