Report Puts PoS Malware Under the Microscope

If you think there has been a rise in point-of-sale malware lately, you are not imagining things.

In a new paper released today, Trend Micro examines the continued growth of point-of-sale (PoS) malware. According to Trend Micro, six new pieces of PoS malware have been identified so far in 2014. Four of these six variants were discovered between June and August: Backoff, BlackPOS version 2, BrutPoS and Soraya.

“Ever since the Target data breach came into the limelight, there has been a constant stream of merchants/retailers publicly disclosing data breach incidents,” blogged Numaan Huq, senior threat researcher at Trend Micro. “These data breaches typically involve credit card data theft using PoS RAM scrapers.”

“The earliest evidence of PoS RAM scraping was in Visa’s Data Security Alert issued on October 2, 2008,” Huq blogged. “Back then, cybercriminals attempted to install debugging tools on PoS systems to dump Tracks 1 and 2 credit card data from RAM. In 2009, Verizon also reported of PoS RAM scrapers alongside its victim profiles; targets were primarily the retail and hospitality industries.”

PoS RAM scraper families really started to evolve around the end of 2011, and there has been a steady release of new PoS RAM scraper families as new attack techniques were developed, he added.

Businesses in the United States have been the biggest targets of PoS malware. According to Trend Micro, roughly 74 percent of PoS malware detections between April and June were in the U.S. The Philippines and Japan were second and third on the list at 4.62 percent and 4.41 percent, respectively. The retail industry was the hardest hit, accounting for 67.51 percent of PoS malware detections.

“It is not surprising that the largest volume of detections was seen in the United States because the country’s economy is heavily geared toward purchasing goods and services using credit cards,” the report notes. “Consumers in other countries still tend to use cash or debit cards more than credit cards. The high volume of credit card transactions that companies process in the United States makes it a lucrative target for PoS RAM scrapers.”

The report recommends PoS system operators follow best practices for security, including the use of multitier firewalls to protect networks and restricting access to the Internet on PoS systems.

“Credit card data breaches are not slowing down any time soon, and cybercriminals have different techniques to target all industries,” said Jon Clay, senior manager of global threat communications at Trend Micro.

“However, our research has revealed that a high majority of PoS RAM scrapers affect the retail industry since these businesses have high credit card transaction volumes,” Clay said. “Therefore, it is imperative, now more than ever, that retailers must be on the lookout for these types of data breaches and put preventative measures in place to verify the authenticity of all transactions.”
