With a huge number of credit card breaches, hackers are dedicating a lot of time for small profits on the dark web.

In Sonic's case, the stolen cards are going for between $25 and $50. It’s basically supply-and-demand fundamentals. Data breaches become more prevalent and, thus, the market for stolen credit cards is flooded, driving the price down.

So what’s next? We believe it’s the potentially devastating threat of point of sale (POS) ransomware. If retailers don’t protect themselves properly, this isn’t much of a stretch.

Rather than gain access to a chain’s POS to exfiltrate credit cards over months (or even years), cybercriminals could deploy ransomware that shuts down the POS systems, effectively bringing the business and all revenue to a screeching halt.

This would likely prompt stores to pay the ransom right away, allowing the threat actors to profit within minutes. And with the impressive success of the global WannaCry and NotPetya outbreaks, cybercriminals are taking notice of what works.

Here’s what retailers can do to better prevent both card-siphoning malware and ransomware attacks from happening to them:

Deploy a managed firewall. This can detect malware entering and sensitive data exiting the network).

Implement file integrity monitoring, This will tell you when files have changed that weren’t supposed to change.

Adopt unified threat management appliances. These are used to integrate security features such as firewall, gateway antivirus and intrusion detection.

Bolster security information. This should ideally be done along with deploying dormant malware hunting capabilities. By doing this, you can centrally collect, store, and analyze log data and other data from various systems to provide a single point of view from which to be alerted to potential issues.

Use managed detection and response. You can bring advanced threat detection and response specifically to the POS systems to reduce malware detection gap and incident response times).

Deploy next-generation endpoint security solutions. These are used to stop attacks on the endpoint computers and servers before they can wreak havoc on other systems).

Merchants should also remember that being PCI compliant may not be (and is usually not) the same thing as being secure. It’s one thing to do basically the bare minimum to meet compliance mandates, but it’s completely another thing to do IT security properly. Properly locked down POS systems take a willingness to bring in experts who have "been there, done that" and know how to keep payment terminals locked down and immediately detect any unauthorized access or processes.

John Christly

John Christly

John Christly is global chief information security officer of Netsurion.