A new point-of-sale security threat poised to infect countless machines across the U.S. and Canada has been discovered by Trend Micro researchers. This infection, which has been dubbed GamaPoS, threatens to steal credit card data and jeopardize content security.
So far, the Trend Micro research team has found GamaPoS in 13 states in the U.S., as well as in Vancouver, Canada. This far-reaching malicious piece of software is utilizing the Andromeda botnet system, as well as some sophisticated email phishing techniques to spread to multiple systems all across North America.
What is a botnet?
Before we can go into the damage something like GamaPoS can do, it's important to know what a botnet system is. Basically, a botnet is a system of private computers that have been infected by a virus. These computers are owned by people that are completely unaware that their machines have been subjected to malware, and yet they are extremely dangerous to the public at large. Also called a zombie army, the botnet computers forward transmissions of infections to other computers, working tirelessly to increase the botnet's reach.
Andromeda is a botnet that came into scrutiny around 2011, and has been recruiting zombies for it's malicious intentions ever since. In the four years that this botnet is known to have been in operation, it's been extremely busy. Trend Micro found 9 known domains currently associated with Andromeda, all of which are hosted by a single IP address.
Although finding the IP address associated with the botnet may make you think researchers have discovered the culprit, cyber security management simply doesn't work like that. What Trend Micro has found is that 85 percent of the traffic going to this address originate in the U.S., which means Americans need to be especially wary of the Andromeda botnet.
Andromeda and GamaPoS utilize phishing
Like many botnet systems, Andromeda spreads its influence by using GamaPoS to send malicious malware via email intended to turn your computer into a zombie. This is basically a phishing scheme, where a hacker – much like a fisherman – throws a wide net over a large area, hoping to catch as many targets as possible.
Cyber criminals utilizing a phishing technique to gain access to your computer like to play the numbers game.The Canadian Get Cyber Safe campaign released an infographic that shows the process hackers go through when initiating a phishing scheme.
First, hackers send out a huge amount of emails containing a link that would compromise your computer if you click on them. According to the infographic, about 150 million phishing emails are sent out every single day. About 16 million of these make it through conventional spam filters, which are notorious for missing malicious emails from time to time. Of those 16 million, around 8 million are opened by the recipient. Finally, around 80,000 people fall for the scam, click the link and give up control of their machine as well as their personal data.
Although the Andromeda botnet doesn't work exactly like a standard phishing scheme, this information should show just how huge these kinds of campaigns are. Hackers are working day in and day out to gain access to your computer, and playing the numbers game allows them to do this on a massive scale.
Conventional email scanners aren't enough
If you have a standard email account, like Gmail, you probably have some kind of spam filter set up to keep out emails you don't need to read. Although these filters work well for lesser malware attempts, GamaPoS is entirely too sophisticated for them. The "spear phishing" technique used by GamaPoS utilizes advanced targeted attacks against specific industries, such as credit unions and restaurants, to bypass these lower-level cyber security measures and own machines.
When it comes to Andromeda and other targeted threats, you need complete protection from a global threat intelligence master. Thankfully, you don't need to search endlessly for a company smart enough to meet your cyber security needs. The Trend Micro Deep Discovery Email Inspector, part of the Trend Micro Custom Defense system, utilizes proven algorithms to sniff out malware-infected emails.
Our state-of-the-art techniques are on the front lines of modern cyber security, and our team of custom defense experts are working around the clock to develop technologies to help keep you safe.