Report Puts PoS Malware Under the Microscope

If you think there has been a rise in point-of-sale malware lately, you are not imagining things.

In a new paper released today, Trend Micro examines the continued growth of point-of-sale (PoS) malware. According to Trend Micro, six new pieces of point-of-sale (PoS) malware have been identified so far in 2014. Four of these six variants were discovered between June and August: Backoff, BlackPOS version 2, BrutPoS and Soraya.

“Ever since the Target data breach came into the limelight, there has been a constant stream merchants/retailers publicly disclosing data breach incidents,” blogged Numaan Huq, senior threat researcher at Trend Micro. “These data breaches typically involve credit card data theft using PoS RAM scrapers.”

“The earliest evidence of PoS RAM scraping was in Visa’s Data Security Alert issued on October 2, 2008,” Huq blogged. “Back then, cybercriminals attempted to install debugging tools on PoS systems to dump Tracks 1 and 2 credit card data from RAM. In 2009, Verizon also reported of PoS RAM scrapers alongside its victim profiles; targets were primarily the retail and hospitality industries.”

PoS RAM scraper families really started to evolve around the end of 2011, and there has been a steady release of new PoS RAM scraper families as new attack techniques were developed, he added.

Businesses in the United States have been the biggest targets of PoS malware. According to Trend Micro, roughly 74 percent of PoS malware detections between April and June have been in the U.S. The Philippines and Japan were second and third on the list at 4.62 percent and 4.41 percent, respectively. The retail industry was the hardest hit, accounting for 67.51 percent of PoS malware detections.

“It is not surprising that the largest volume of detections was seen in the United States because the country’s economy is heavily geared toward purchasing goods and services using credit cards,” the report notes. “Consumers in other countries still tend to use cash or debit cards more than credit cards. The high volume of credit card transactions that companies process in the United States makes it a lucrative target for PoS RAM scrapers.”

The report recommends PoS system operators follow best practices for security, including the use of multitier firewalls to protect networks and restricting access to the Internet on PoS systems.

“Credit card data breaches are not slowing down any time soon, and cybercriminals have different techniques to target all industries,” said Jon Clay, senior manager of global threat communications at Trend Micro.

“However, our research has revealed that a high majority of PoS RAM scrapers affect the retail industry since these businesses have high credit card transaction volumes,” Clay said. “Therefore, it is imperative, now more than ever, that retailers must be on the lookout for these types of data breaches and put preventative measure in place to verify the authenticity of all transactions.”