PoS Malware Kits Rose in Underground in 2014: Report

Thursday, February 12, 2015

Brian Prince

0ead717779244d9aab5c1699308850d2

2014 will be remembered for many things. But for those whose credit or debit card information was swiped in a data breach, it may be remembered as the year when a wave of point-of-sale malware crashed into retailers big and small.

In its annual Global Threat Intel Report, security firm CrowdStrike noted that criminals began increasingly turning to ready-to-use point-of-sale (PoS) malware kits in the cyber-underground. According to Adam Meyers, vice president of intelligence at CrowdStrike, the price of these kits varied depending on their complexity, with some going for tens of dollars and others costing in the hundreds or thousands.

The attacks infected terminals with malware designed to steal credit card information as they are swiped by customers. The malware runs in the background of the terminal, and continuously scans memory for unique patterns found on a card's magnetic strip and send matching data to an attacker-controlled server, the report explains.

"In 2014, while several major companies were coping with breaches of their PoS infrastructure, many smaller retailers were facing the same threat from less-organized groups," according to the report.

"Malware such as BlackPoS requires a bit of strategic planning on the part of the adversary; much of the system lacks the point-and-click intuitive nature of commodity botnets," the report continues. "For less-organized or less-skilled adversary groups, an off-the-shelf kit such as Dexter PoS may allow for exploitation and offensive capabilities that may not otherwise be possible."

The report notes that the explosion of PoS malware may be mitigated by the adoption of EMV standards (Europay, MasterCard and Visa) as well as the growth of payment options such as Google Wallet and Apple Pay.

"Adoption of these newer payment processes should provide consumers with more secure payment methods and make it more difficult for criminals seeking to make money off these systems," according to the report. "There will be some lag time in 2015 as retailers and banks move to put these improvements in place, during which cybercriminals will still be able to exploit the current, antiquated payment processing systems in the U.S. However, the newer processes, once in place, should lead to a decline in the type of PoS attacks seen over the past year." 

Read the rest of this story on SecurityWeek.com. 

23643
Firewalls IDS/IDP Network Access Control Network->General SCADA Budgets Enterprise Security Policy Security Awareness Security Training
Post Rating I Like this!
Default-avatar
Jennifer Marton For the fans of celebrities outfits here you can get the best quality celebrity replica leather jacket at affordable price with free shipment on order over $200. get this offer right now....
http://celebsleatherjackets.com
1423816125
Default-avatar
Lisa Harris Exciting posting for all! This subject as you does marvelous in composition and in implementing the concept. Thanks much
Visit This Resident Evil 6 Jacket: http://desertleather.com/Resident-Evil-6-Leon-Kennedy-Black-Jacket


1423913240
Default-avatar
mical3211 mical3211 All you need is ignorance and confidence and the success is sure.
Online Pharmacy
1424091602
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.