Combatting point-of-sale malware

From Botnets.fr
Jump to navigation Jump to search

(Publication) Link to the old Wiki page : [1] / Google search: [2]

Combatting point-of-sale malware
Botnet
Malware
Botnet/malware group Point-of-sale
Exploit kits
Services
Feature Keylogger, Memory scrapping, Network sniffing
Distribution vector
Target Aloha, Radiant, Oracle MICROS, PosiTouch, Xpient, Digital Dining, Grandbury, Firefly
Origin
Campaign
Operation/Working group
Vulnerability
CCProtocol
Date 2014 /
Editor/Conference Trustwave
Link http://www2.trustwave.com/rs/trustwave/images/Special Report Combatting Point of Sale Malware.pdf (Archive copy)
Author
Type White paper

Abstract

Cybercriminals continue to maintain their lead in the malware race. As security technology advances in an effort to detect or protect against malware, so too does the malware itself. Attackers are dedicated, persistent and clever. Criminals follow their own software development lifecycle (SDLC) and test and retest their malware against anti-virus solutions to ensure it evades detection. They incorporate usernames, passwords and network addresses for their specific targets into their code. And as long as money can be made from the spoils of their conquests, they won’t let up.

One especially lucrative target for attackers is retail point-of-sale (POS) systems. If report after report of breached retailer after breached retailer hasn’t already provoked concern, it’s time for businesses to get informed about POS malware and develop a strategy to address it. Traditional security controls are not enough. Not only is a defense-in-depth strategy imperative, but businesses also need to prepare to detect and respond to a breach of their systems.

In this document, we describe the POS malware we’ve encountered in our forensics investigations and security research, explain how it’s installed on POS systems, discuss why anti-virus (AV) solutions are not enough to detect such malware and provide recommendations to address the problem. However, this paper won’t provide all of the answers. Operating under the assumption that you will be compromised is one of the better ways to increase the chances that you detect a breach when it occurs and respond appropriately to contain and mitigate it.

What is Point-Of-Sale (POS) Malware?

Point-of-sale (POS) malware is highly customized malicious software written to identify, aggregate and exfiltrate cardholder data (CHD). According to estimates, cybercrime and data breaches involving POS malware have driven organized crime profits into the billions of dollars.

Bibtex

 @misc{empty2014BFR1618,
   editor = {Trustwave},
   author = {},
   title = {Combatting point-of-sale malware},
   date = {28},
   month = Mar,
   year = {2014},
   howpublished = {\url{http://www2.trustwave.com/rs/trustwave/images/Special_Report_Combatting_Point_of_Sale_Malware.pdf}},
 }