POS malware strikes again

  • Posted on:August 15, 2016
  • Posted in:Industry News, Security
  • Posted by:Christopher Budd (Global Threat Communications)
POS malware is still a huge problem.

Once again, point-of-sale malware has been making headlines. A few recent attacks have again brought the importance of protecting against this kind of malware to the forefront of cyber security managers' minds. In the past, POS malware has been in and out of the limelight, with one of the most important examples being the attack on Target's systems that impacted more than 40 million people in 2013.

POS malware attacks can be devastating to companies' reputations and pocketbooks alike. Target had to pay victims of this attack $10 million, on top of whatever damage was inflicted on its brand image by the rampant credit card fraud that followed the breach. This attack serves as a warning to retailers around the world about the consequences of infiltration by POS malware, but events like these – albeit on a smaller scale – continue to occur.

MICROS terminals impacted by breach

One incident of POS malware occurred recently to the detriment of an Oracle division called MICROS. This company is one of the world's top three POS services, with systems being used at more than 300,000 cash registers around the world. In early August, however, MICROS suffered a security breach that impacted around 700 systems. According to cyber security expert Brian Krebs, intruders inserted malicious code into the support portal for the POS software, which allowed them to steal customer usernames and passwords.

"A source briefed on the investigation says the breach likely started with a single infected system inside of Oracle's network that was then used to compromise additional systems," Krebs wrote. "Among those was a customer 'ticketing portal' that Oracle uses to help MICROS customers remotely troubleshoot problems with their [POS] systems."

Krebs also noted that the malware may have been connected to a Russian hacker group called the Carbanak Gang, which is part of a crime syndicate that has reportedly stolen more than $1 billion from banks and retailers across the globe. This means that this incident isn't something to simply brush off; if this crime group were to gain access to more MICROS portals or other Oracle networks and cloud service offerings, it could be very bad news for the tech giant.

PunkeyPOS reemerges

On top of the MICROS breach, other POS malware continues to flourish. According to Security Intelligence contributor Larry Loeb, PunkeyPOS, which came to light earlier this year when it infected hundreds of restaurant sales terminals, has a new friend called POSCardStealer.

The criminal group responsible for PunkeyPOS uses legitimate LogMeIn credentials. LogMeIn is a program retailers and other businesses use to manage remote devices – in other words, these hackers are merely taking advantage of weak logins to infiltrate these systems. The POSCardStealer malware appeared during a PunkeyPOS attack, and was downloaded onto systems running the LogMeIn software.

"After 14 hours, the crooks would order one of the infected systems to download and install the PoS malware," Softpedia contributor Catalin Cimpanu wrote about the incident. "This was only a test, and if after ten minutes everything worked out, the crooks would tell all compromised systems to do the same."

The strategy behind POS malware

The MICROS incident and the PunkeyPOS/POSCardStealer attacks are only two of the latest in a long line of cyber threats against retailers running POS software from their sales terminals. Short of going back to pencil and paper transactions, how can businesses prevent these attacks? And how do incidents like the one that impacted MICROS happen in the first place?

Trend Micro researchers noted that there are five main ways that POS attacks happen (although other forms of malware can gain access to your network through these paths, as well):

  • Phishing and social engineering: when hackers take advantage of unsuspecting computer users to worm their way into company networks via legitimate-looking emails or surprisingly convincing phone calls.
  • Employee on the inside: an employee who willingly serves as an ingress point for malicious activity.
  • Vulnerability exploitation: when malware infiltrates a system that hasn't been updated with the latest security patch.
  • Non-compliance with PCI DSS guidelines: failure to abide by the industry's regulations concerning security, which evolved last year to include EMV chip usage.
  • More sophisticated targeted attacks: when hackers get on the network using advanced techniques.

POS malware like the kind that impacted Target, MICROS and countless others is only one variety of malicious code out there. This leaves the question: How do you prevent these kinds of incidents from happening? Deep packet inspection and application control tools are critical for keeping POS malware out of your systems.

Point-of-sale malware sprang into the limelight with the Target hack and other high-profile attacks, and these kinds of malicious programs continue to be a thorn in cyber security managers' sides. Investing in security solutions is part of an effective strategy to keep bad code out of your networks.
