It’s been over 10 months since the Target security breach that rocked the retail industry, and that turned out to be only the beginning. Hundreds of other POS systems have been successfully attacked by hackers looking to gain customer payment information.
Earlier this month, Sears announced that almost every Kmart location in the U.S. had been compromised, and Dairy Queen wasn’t far behind. 400 of the restaurant’s locations were breached.
Businesses as diverse as P.F. Chang’s, Neiman Marcus and Supervalu have followed in Target’s now-notorious footsteps, and even a few independent businesses, like local pizzerias, have been affected by breaches.
Kmart and Dairy Queen both report that the breaches have been dealt with and customers will be provided with free credit reporting, but why do the attacks keep succeeding in the first place?
Many security researchers suspect that cybercriminals are managing to stay one step ahead as retailers everywhere strengthen their defenses.
Most of the companies were breached through their point-of-sale systems, which are typically used to streamline purchasing processes and organize sale systems by suppliers and parent relationships. The malware found on Kmart’s POS system was reportedly undetectable by current anti-virus technology.
Dairy Queen pointed to Backoff, a form of malware that’s been found on many breached systems. Backoff gains access to administrator accounts through functions like remote desktops, and steals customer data without ever entering a store. The Secret Service, the National Cybersecurity and Communications Integration Center and several security experts warned retailers about Backoff in July, but it hasn’t been enough.
Even once Backoff was identified, the process to fortify antivirus programs against it isn’t a simple one, especially since each deployment features several technical differences. It doesn’t help that successful cybercriminals are likely investing their profits in better malware.
Experts are concerned that more advanced malware would be able to target smaller retailers with less security and a reduced ability to refund customers.