10/28/2014

POS (point of sale) hardware connected to the internet is a new goldmine for hackers

yep, they are doing it again

connecting things to the internet without the big defenses for it (proxies, VPN, ...) that stop people from getting to the machine itself (because that costs too much)

no, for maintenance you connect your point-of-sale hardware directly to the internet so it can be updated and managed directly from the internet (it looks easy and everybody is doing it)

now that they have laid off all the staff that was giving technical support to their POS, because they did it 'over the internet', they are paying dearly for this 'cheap' solution

in fact they are paying millions every month because thousands and thousands of systems are infected (and how are you going to clean all that without all the technical staff that you have laid off, brother?)

and if at the same time you don't encrypt the data from end to end, and the technical staff that has access to those systems uses default or bad passwords and doesn't react to all those security alerts for months (because there is not enough staff for too much work doing all those things over the internet, and hey, it is not in my job description, which is right: you need someone doing nothing else but looking at all those things happening everywhere)

then you lose millions of data records and millions of dollars and, what is even worse, you lose an enormous amount of money cleaning up the mess, your stock takes a hit and, according to a survey last week, more than half of all customers won't go to the chains that were impacted by the latest attacks on their POS infrastructure (maybe you should install big cash machines in those shops so people can get cash out and pay with cash, as they don't trust your POS infrastructure with their cards and accounts)

and they have every reason to worry because it now seems that what the banks and financial institutions were saying in the beginning, that they didn't see any fraud with those thousands or millions of financial records that were lost, is not true anymore. It looks as if the data has been sold to some operators, or that some accounts are only being attacked or emptied right now (when maybe everybody is paying less attention because it was already some time ago)

and meanwhile the attackers have learnt so much and have so much money in their pockets (and that of their women who are very happy about their naughty boys) that they can now bypass any firewall or antivirus and can only be stopped by ... threat intelligence. Ohlalalala, this means that you need people who watch and who analyse, and that the big savings you thought you were going to make in the first place have now also gone up in smoke, because you will have to pay enough people enough money to look every day, every moment, at logs and events and to check and double-check and investigate things. If you think that this can be done by a computer or robot, think again. Programs can help but they can't stop the attackers.

and so to keep themselves rich and their women happy they are now attacking the POS installations and software in full force, because it is the biggest money farm that is available for free now and it is not being defended as it should be - why make life difficult by hacking banks if you can get the same information from the POS installations of some supermarket chain (and you know what, once you get into one, you can get into all of them because they have all been set up the same way - savings, you know)
