The Potential POS Breach
Exabeam recently discovered unusual behavior at one of our retail customers. On some of the most sensitive point-of-sale (POS) devices, a local account was added to a privileged Active Directory group. Some of the audit functions on these machines were then disabled; a few minutes later, the account was removed from the privileged group and the audit functions were reactivated. This was happening on hundreds of POS devices at recurring intervals, suggesting that an automated, operational attack was in place.
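As an added example (not Exabeam's detection logic or code from the original post), the sequence described above can be expressed as an ordered per-host correlation over normalized events. The event schema, action names, host names and account names are assumptions, and the sample events are constructed.

```python
from collections import Counter
from datetime import datetime, timedelta

# Assumed normalized action names for the four steps described above.
SEQUENCE = ["group_add", "audit_disable", "group_remove", "audit_enable"]

def find_sequences(events, window=timedelta(minutes=15)):
    """Return (host, account, start, end) per full sequence on one host within window."""
    hits, state = [], {}  # state: host -> [next_step, start_time, account]
    for e in sorted(events, key=lambda e: e["time"]):
        st = state.get(e["host"])
        if st and e["time"] - st[1] > window:
            del state[e["host"]]  # partial match expired
            st = None
        if e["action"] == "group_add":
            state[e["host"]] = [1, e["time"], e["account"]]  # (re)start the match
        elif st and e["action"] == SEQUENCE[st[0]]:
            if e["action"] == "group_remove" and e["account"] != st[2]:
                continue  # a different account left the group
            st[0] += 1
            if st[0] == len(SEQUENCE):
                hits.append((e["host"], st[2], st[1], e["time"]))
                del state[e["host"]]
    return hits

def recurring_hosts(hits, min_repeats=2):
    """Hosts where the full sequence repeats, i.e. the recurring-interval pattern."""
    counts = Counter(host for host, *_ in hits)
    return sorted(h for h, n in counts.items() if n >= min_repeats)

def _ev(ts, host, action, account=None):
    return {"time": datetime.fromisoformat(ts), "host": host, "action": action, "account": account}

# Constructed sample events: pos-001 repeats the sequence on two nights,
# pos-002 shows an ordinary group change with no audit tampering.
SAMPLE = []
for day in ("2024-01-01", "2024-01-02"):
    SAMPLE += [
        _ev(f"{day}T02:00:00", "pos-001", "group_add", "svc_local"),
        _ev(f"{day}T02:00:30", "pos-001", "audit_disable"),
        _ev(f"{day}T02:04:00", "pos-001", "group_remove", "svc_local"),
        _ev(f"{day}T02:04:20", "pos-001", "audit_enable"),
    ]
SAMPLE += [
    _ev("2024-01-01T09:00:00", "pos-002", "group_add", "helpdesk"),
    _ev("2024-01-01T17:00:00", "pos-002", "group_remove", "helpdesk"),
]

if __name__ == "__main__":
    print(find_sequences(SAMPLE), recurring_hosts(find_sequences(SAMPLE)))
```

Requiring all four steps in order on the same host keeps an ordinary group membership change, such as the one on pos-002, from matching.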
When this was discovered, tension rippled throughout the organization. Haunting recollections of recent retail POS breaches at other companies were top of mind as some of the best minds in IT were rushed to a war room, forensic teams stood by, and VPs instructed that they be updated over the course of the investigation – day or night.