Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

POS Malware on the Rise in Cyber Underground

Point-of-sale (POS) malware has been the sharp end of the stick for attackers recently.

Tied to attacks on businesses from Target to Neiman Marcus, POS malware is becoming more prevalent in the cyber-underground.

Point-of-sale (POS) malware has been the sharp end of the stick for attackers recently.

Tied to attacks on businesses from Target to Neiman Marcus, POS malware is becoming more prevalent in the cyber-underground.

“The fourth quarter of 2013 will be remembered as the period when cybercrime became real for more people than ever before,” said Vincent Weafer, senior vice president for McAfee Labs, in a statement. “These cyber thefts occurred at a time when most people were focused on their holiday shopping and when the industry wanted people to feel secure and confident in their purchases. The impact of these attacks will be felt both at the kitchen table as well as the boardroom table.”

“For security practitioners, the off-the-shelf genesis of some of these crime campaigns , the scale of operations, and the ease of digitally monetizing stolen customer data all represent a coming of age for both Cybercrime-as-a-Service and the dark web overall,” he said. 

Several POS malware families have grown in prevalence during the past few years, including BlackPOS, Dexter, ProjectHook and others, many of which are available for purchase online. According to researchers at McAfee, BlackPOS for example is an ‘off-the-shelf’ exploit kit for sale that can easily be modified and redistributed with “little programming skill or knowledge of malware functionality.” The source code for BlackPOS has also been leaked multiple times, allowing anyone to modify or employ the code for their own purposes.

“POS systems, just like any other computing system, are susceptible to attacks against unpatched software, the global internet, traffic interception and physical compromise or architectural flaws,” said Michael Belton, head of Rapid7’s assessment team. “Based on our experience with these systems, common configuration errors, missing patches and compromised user credentials are the most common points of attack.”

Just recently, Arbor Networks took a look at the Dexter malware and tied a person operating under the alias ‘rome0’ to activity around it. Just who that is remains a mystery.

“The individual using the name ‘rome0’ is well established in the underground carding scene,” explained Dave Loftus, security research analyst at Arbor Networks. “While his or her true identity is unknown, we believe he or she may reside in France based on information obtained from multiple carding forums. We [also] have seen Alina, Project Hook, Dexter, VSkimmer, and JackPos point-of-sale malware used by someone operating under the name ‘Rome0’. It’s still unclear if this is the same individual active on underground forums or an imposter.”

Advertisement. Scroll to continue reading.

Back in November, Arbor Networks’ Security Engineering & Response Team (ASERT) found multiple vulnerabilities in two versions of Dexter’s control panel that allow stolen data to be stolen by malicious third-parties for a second time after being stolen by the malware the first.   

“ASERT does not have an exact count of the number of worldwide Dexter or Project Hook attacks, but we estimate that the number of infections is in the thousands based on the infection data obtained so far,” Loftus said. “We have seen concentrations of Dexter infections within the APAC region, and Project Hook within North America and Europe.”

“We believe smaller organizations have been primarily targeted by these threats,” he explained. “Dexter and Project Hook are commodity malware that are not tailored to their targeted organizations. Therefore, due to their general nature and the types of businesses that we have seen compromised, smaller organizations that have relaxed security practices are most likely at risk.”

It is important to note that regulatory compliance does not equal security – something underscored by the Target breach, Belton noted.

“A company’s security posture is only as strong as their weakest business partner,” he said, adding that “there is no such thing as perfect security. Target heavily invested in protecting customer data, but the fact that a strong security program can be undermined with smart planning is certainly unsettling.”

Related Reading: Cybercriminals Entrenched in ‘Dark Web’: Researchers

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join the session as we discuss the challenges and best practices for cybersecurity leaders managing cloud identities.

Register

SecurityWeek’s Ransomware Resilience and Recovery Summit helps businesses to plan, prepare, and recover from a ransomware incident.

Register

Expert Insights

Related Content

Cybercrime

The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Malware & Threats

The NSA and FBI warn that a Chinese state-sponsored APT called BlackTech is hacking into network edge devices and using firmware implants to silently...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cyberwarfare

An engineer recruited by intelligence services reportedly used a water pump to deliver Stuxnet, which reportedly cost $1-2 billion to develop.

Malware & Threats

Unpatched and unprotected VMware ESXi servers worldwide have been targeted in a ransomware attack exploiting a vulnerability patched in 2021.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Cybercrime

No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.