Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Malware & Threats

Report Puts PoS Malware Under the Microscope

If you think there has been a rise in point-of-sale malware lately, you are not imagining things.

If you think there has been a rise in point-of-sale malware lately, you are not imagining things.

In a new paper released today, Trend Micro examines the continued growth of point-of-sale (PoS) malware. According to Trend Micro, six new pieces of point-of-sale (PoS) malware have been identified so far in 2014. Four of these six variants were discovered between June and August: Backoff, BlackPOS version 2, BrutPoS and Soraya.

“Ever since the Target data breach came into the limelight, there has been a constant stream merchants/retailers publicly disclosing data breach incidents,” blogged Numaan Huq, senior threat researcher at Trend Micro. “These data breaches typically involve credit card data theft using PoS RAM scrapers.”

“The earliest evidence of PoS RAM scraping was in Visa’s Data Security Alert issued on October 2, 2008,” Huq blogged. “Back then, cybercriminals attempted to install debugging tools on PoS systems to dump Tracks 1 and 2 credit card data from RAM. In 2009, Verizon also reported of PoS RAM scrapers alongside its victim profiles; targets were primarily the retail and hospitality industries.”

Advertisement. Scroll to continue reading.

PoS RAM scraper families really started to evolve around the end of 2011, and there has been a steady release of new PoS RAM scraper families as new attack techniques were developed, he added.

Businesses in the United States have been the biggest targets of PoS malware. According to Trend Micro, roughly 74 percent of PoS malware detections between April and June have been in the U.S. The Philippines and Japan were second and third on the list at 4.62 percent and 4.41 percent, respectively. The retail industry was the hardest hit, accounting for 67.51 percent of PoS malware detections.

“It is not surprising that the largest volume of detections was seen in the United States because the country’s economy is heavily geared toward purchasing goods and services using credit cards,” the report notes. “Consumers in other countries still tend to use cash or debit cards more than credit cards. The high volume of credit card transactions that companies process in the United States makes it a lucrative target for PoS RAM scrapers.”

The report recommends PoS system operators follow best practices for security, including the use of multitier firewalls to protect networks and restricting access to the Internet on PoS systems.

“Credit card data breaches are not slowing down any time soon, and cybercriminals have different techniques to target all industries,” said Jon Clay, senior manager of global threat communications at Trend Micro.

“However, our research has revealed that a high majority of PoS RAM scrapers affect the retail industry since these businesses have high credit card transaction volumes,” Clay said. “Therefore, it is imperative, now more than ever, that retailers must be on the lookout for these types of data breaches and put preventative measure in place to verify the authenticity of all transactions.”

Written By

Marketing professional with a background in journalism and a focus on IT security.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this event as we dive into threat hunting tools and frameworks, and explore value of threat intelligence data in the defender’s security stack.

Register

Learn how integrating BAS and Automated Penetration Testing empowers security teams to quickly identify and validate threats, enabling prompt response and remediation.

Register

People on the Move

After the passing of Amit Yoran, Tenable has appointed Steve Vintz and Mark Thurmond as co-CEOs.

Former Wiz executive Trish Cagliostro has joined Orchid Security as Chief Revenue Officer.

Transcend has named former UnitedHealth Group CISO Aimee Cardwell as CISO in Residence.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.