
The recent and highly publicized Vera Bradley point-of-sale (POS) malware infection grabbed my attention and reminded me of the following principle from Sun Tzu’s The Art of War:

“If you know the enemy and know yourself, you need not fear the result of a hundred battles.”

In this case, the enemy is POS malware. These malicious programs have been around for some time, and they continue to evolve, but many of their typical behaviors are known. With that level of insight, you can be more proactive in protecting your point-of-sale environment.

This is somewhat similar to the vulnerability predicament. Forty-four percent of data breaches result from known and published vulnerabilities that have not been patched (Forbes Insight/BMC), which leaves attackers free to find and exploit them. This is especially likely during the holiday season, when many retailers freeze their systems and apply minimal updates to their networks.

But back to the issue at hand. Based on the investigative findings from Mandiant, the POS malware involved in the Vera Bradley breach behaved as follows:

  1. Obtained unauthorized access.
    1. Through brute-force attacks, stolen credentials, or perhaps a keylogger that records keystrokes.
    2. More likely as a result of remote access, which is a common approach to technical support for POS.
    3. Or through unauthorized network interfaces.
  2. Installed an unauthorized program or application.
  3. The program was designed to find card data, perhaps through RAM scraping, which reads the memory of every process running on the system.

Knowing these malware behaviors is a critical step to preventing a data breach like this.

Wouldn’t it be cool if you had this insight? Imagine it were shared daily by the threat intelligence community, so you could be on the lookout for it.

There are many threat intelligence communities, but one is dedicated to the retail market, and that’s R-CISC. Because retailers run similar infrastructure, they face similar cyber threat landscapes.

Now imagine if there were technology that automatically looked for POS malware behaviors as a policy. This would change the detection time to hours versus the weeks-to-months scenario.

POS malware is constantly mutating, so retailers’ ability to detect malware attacks should rest on specific behaviors rather than the simple file signatures many anti-virus products rely on. In addition, the technology could also monitor POS systems for changes and investigate them for malicious intent.
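To make the behavior-based policy above concrete, here is an added example (not code from the original post or from any vendor) that runs the three behaviors from the Mandiant list over a constructed event log: repeated failed remote logons, a program started from outside an allow-list, and one image reading the memory of several other processes. The event format, allow-list and thresholds are assumptions for illustration.

```python
"""Behaviour checks for the three POS malware stages listed above.
Assumed (not from the post): events are (host, type, 'k=v ...') tuples,
the allow-list and thresholds are illustrative, sample events are constructed."""
from collections import Counter, defaultdict

ALLOWED_IMAGES = {r"C:\POS\register.exe", r"C:\Windows\explorer.exe"}
BRUTE_FORCE_THRESHOLD = 5   # failed remote logons from one source before alerting
SCRAPE_THRESHOLD = 3        # distinct processes whose memory one image reads

def parse(detail):
    """Turn 'k=v k=v' into a dict (values contain no spaces by assumption)."""
    return dict(field.split("=", 1) for field in detail.split())

def detect(events, allowlist=ALLOWED_IMAGES,
           brute_force=BRUTE_FORCE_THRESHOLD, scrape=SCRAPE_THRESHOLD):
    """Return (host, behaviour, evidence) findings in detection order."""
    findings = []
    failed_logons = Counter()        # (host, src) -> failed remote logons
    memory_reads = defaultdict(set)  # (host, image) -> processes it read
    for host, etype, detail in events:
        f = parse(detail)
        if etype == "logon_failed":          # stage 1: brute-forced remote access
            key = (host, f["src"])
            failed_logons[key] += 1
            if failed_logons[key] == brute_force:   # alert once per source
                findings.append((host, "brute_force_remote_access", f["src"]))
        elif etype == "process_start" and f["image"] not in allowlist:
            findings.append((host, "unauthorized_program", f["image"]))  # stage 2
        elif etype == "process_access" and f.get("access") == "read_memory":
            key = (host, f["image"])         # stage 3: RAM scraping
            memory_reads[key].add(f["target"])
            if len(memory_reads[key]) == scrape:
                findings.append((host, "ram_scraping", f["image"]))
    return findings

# Constructed sample log: five failed remote logons, a binary launched from an
# unexpected path, then that binary reading the memory of other processes.
SAMPLE_EVENTS = (
    [("pos-01", "logon_failed", "src=198.51.100.7 user=support")] * 5
    + [("pos-01", "logon_ok", "src=198.51.100.7 user=support"),
       ("pos-01", "process_start", r"image=C:\Users\Public\update.exe"),
       ("pos-01", "process_access", r"image=C:\Users\Public\update.exe access=read_memory target=register.exe"),
       ("pos-01", "process_access", r"image=C:\Users\Public\update.exe access=read_memory target=explorer.exe"),
       ("pos-01", "process_access", r"image=C:\Users\Public\update.exe access=read_memory target=printspool.exe"),
       ("pos-02", "process_start", r"image=C:\POS\register.exe")]  # allow-listed, no alert
)

if __name__ == "__main__":
    for finding in detect(SAMPLE_EVENTS):
        print(finding)
```

Each rule fires once per source or image, so a real deployment would add suppression windows and feed the findings into the change-monitoring described in the paragraph above.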

Interested in learning more about this type of solution? Look no further. Hear from an industry analyst about your options.