
POS Malware Continues To Evolve

New report out today details three prevalent families.

With a little over two weeks until the holiday shopping season kicks off in earnest, a picture of the evolution of point of sale (POS) malware has come into focus through several recent pieces of research. A recurring theme is that POS malware is maturing, with different packages and families refined for specific attack scenarios.

Just today, researchers with Cyphort Labs released a report that dissected three families of POS malware associated with three distinct breach incidents at Target, Home Depot, and UPS over the past year--BlackPOS, FrameworkPOS, and Backoff respectively.

"Looking at the modes of operation of the three families one can clearly identify two directions: one from the targeted attacks on Target and Home Depot, and the other from the more generalized approach of Backoff," they wrote. "Targeted attacks are identified by the fact that the attacker chooses the target and specifically designs the attack, while in a general approach, the nature and identity of the victim are unknown to the attacker."

Tailored for attacks against dedicated targets, both FrameworkPOS and BlackPOS have multi-functional components for persistence, memory scraping, process enumeration, and data exfiltration.

[Read the rest on Dark Reading]

Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.

User Rank: Author
11/20/2014 | 11:14:02 AM
Re: Botnet Tracking
There's already so much technological change happening at the point of sale with EMV, NFC and other capabilities. I think merchants don't fully understand all that change that is happening. And they definitely aren't cyber security experts. I think from a security standpoint you have a great suggestion, Brook. But I doubt retailers will be implementing it any time soon.
Brook Zimmatore,
User Rank: Apprentice
11/19/2014 | 5:19:14 PM
Botnet Tracking
It's incredible to see the inadequacies in POS compliance. Tracking hundreds of active botnets, these data feeds show hundreds of thousands of compromised POS terminals world-wide, all actively sending card feeds back to black market sellers. POS devices should be "black boxes" in terms of security. But you have these card machines hooked up to any old computer with USB access, open wifi connections and much more. The sophisticated malware families still find their way into large retail through the most creative means.

The only way I see this being thwarted is to have a quarantine function at the POS issuer level. Once the POS is deemed compromised by IP it is shut down.
