New PoSeidon Adventure is a POS Malware Threat to Retailers
New malware program PoSeidon targets retail POS credit card terminals. Lazarus Alliance QSA services protects clients against it.
Phoenix Arizona (12 News AZCentral) April 15, 2015
The stunning reality is that the majority of retailers accepting credit cards are still vulnerable to the newest threat to accepting credit cards from consumers. Lazarus Alliance has been years ahead with proactive cyber Security services.
Researchers from the Cisco Security Solutions team have dubbed the latest malware to attack point-of-sales (POS) systems PoSeidon. Compromised POS systems are vulnerable to these attacks, which allow the RAM of an infected terminal to be scanned by the malware. PoSeidon looks for unencrypted credit card data, and then transmits that data out to an exfiltration server controlled by the cyber criminals.
This technique has long been known to security experts. The Proactive Cyber Security™ services at Lazarus Alliance has been years ahead of this issue by offering solutions to companies that utilize POS systems that ensure this memory scraping technique does not compromise a payment process.
William Ochs, GRC Partner of Lazarus Alliance said “Not only has Lazarus Alliance long called for end-to-end encryption technology to be utilized to mitigate the risk posed by POS threats, but Lazarus Alliance also has a proven track record of offering actual solutions to implement end-to-end encryption protecting retailers globally.”
As long as organizations remain reactive instead of proactive in their approach to cyber security, they will continue to fail the constituents they work to protect. The PoSeidon POS malware program is another example in a daunting list of the challenges that face organizations concerned with their PCI DSS stance.
As a PCI DSS audit Qualified Security Assessor (QSA) company, Lazarus Alliance has been approved by the PCI Security Standards Council (SSC) to measure an organization’s compliance to the PCI DSS audit standard. Lazarus Alliance specializes in providing our clients with scalable, efficient solutions for meeting the rigorous demands of Payment Card Industry (PCI) compliance. We do this in part because of our breakthrough proprietary technologies called the IT Audit Machine (ITAM) and the Policy Machine.
“It’s incumbent upon security professionals to proactively advocate for best practices in cyber security, risk and compliance; too often, the opposite occurs in the industry,” said Ochs
Learn more about Lazarus Alliance and why Lazarus Alliance is Proactive Cyber Security™!
Strategic Fractional CMO | Reputation Management Specialist | Driving Business Growth Through Marketing Leadership & Brand Strategy | Expert in Customer Acquisition & Digital Presence Optimization | Gunslinger
1yMichael, thanks for sharing!
Industry Disruptor and Agent of Industry Change
10yGreat question with two perspectives! It depends on whether you are a customer of these companies or a business utilizing payment technology as part of your business relationship. As a business relationship, knowing what questions to ask and how to interpret the responses they provide is a start. Unfortunately that can be a cryptic game. Again, enlisting the assistance of a cyber security professional particularly one who is also a qualified security assessor (QSA) for PCI is highly recommended. As a consumer, becoming and activist with the companies you shop with helps. Their compliance (or not!) is a matter of public record. If a retailer does not provide solid assurances of their dedication to proactively protecting customers, take your business somewhere else! Thanks for the comment Charlotte.