The FBI warned the retail and security industry early this year about the potential barrage of POS (Point of Sale) malware variants designed to target and penetrate the retail industry head on. This all stemmed from the Target POS attacks late last year and has steadily progressed into a land grab and subsequent assault on other retailers. We don't believe we have seen the last of these POS breaches. Many of these organizations are not equipped with breach detection capabilities that can truly analyze this kind of malware campaign. In most cases, these POS malware variants could have been detected and thwarted if custom sandboxing had been implemented, application controls (whitelisting of what is allowed to execute on the register) established, and file integrity monitoring configured effectively. It is imperative to discern who is hunting your organization, what their motives and behaviors are, and what kind of attack code they are employing. Offense most definitely informs defense and can help significantly with the establishment of proper countermeasures. Our Forward-Looking Threat Research team has been heavily involved in the analysis of these POS memory scraper variants and the chaos they leave behind. Education and awareness are critical, as is integrating threat intelligence and product capabilities into the equation, to be effective in fighting the good fight against this malicious activity.
Our 2014 3rd quarter threat roundup, Vulnerabilities Under Attack: Shedding Light on the Growing Attack Surface, brings to light the quantifiable data showing the US as the most impacted country when it comes to POS malware. This may or may not come as a surprise in light of all the recent attacks. POS could stand for something else that might define the current state of the industry for how credit card data is being pillaged. This, coupled with the fact that the US contains the highest concentration of Command and Control (C&C) server infrastructure according to Trend Micro's analysis, is equally concerning. What this means is several-fold. The US approach of reading magnetic stripe data at the POS register has allowed for the insertion of malware designed to capture that magnetic stripe (track) data in the register's memory, in the window after the card is swiped and before the data is encrypted for transmission; unless the card reader itself encrypts the swipe (point-to-point encryption), the track data is in cleartext in the POS process at that moment. When you look at the chance for exposure, doing this in memory against legacy POS software and operating systems is a pretty brilliant crime.
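To make the exposure window concrete, here is an added example (written for this post; it is not Trend Micro code and not taken from any specific malware family) of the check a defender can run against a memory dump of a POS process: scan the raw bytes for ISO 7813 Track 1 and Track 2 records and keep only those whose PAN passes the Luhn check. This is the same pattern match a RAM scraper performs, which is exactly why it is useful for confirming whether a register holds cleartext track data and for writing memory-scanning or YARA detections. The SAMPLE_MEMORY buffer is constructed for the example; the PANs in it are the widely published test card numbers, and the "POSAPP" fragment is a made-up label, not a real product.

```python
import re

# Track 2 as it sits in memory after a swipe: optional ';' start sentinel,
# PAN (13-19 digits), '=' separator, YYMM expiry, 3-digit service code,
# optional discretionary data, '?' end sentinel.
TRACK2_RE = re.compile(rb";?(\d{13,19})=(\d{4})(\d{3})(\d*)\?")

# Track 1: '%B' start sentinel and format code, PAN, '^' cardholder name '^',
# YYMM expiry, service code, discretionary data, '?' end sentinel.
TRACK1_RE = re.compile(rb"%B(\d{13,19})\^([^\^]{2,26})\^(\d{4})(\d{3})([^?]*)\?")


def luhn_valid(pan: str) -> bool:
    """Luhn (mod 10) check that separates real PANs from look-alike digit runs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        digit = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            digit *= 2
            if digit > 9:
                digit -= 9
        total += digit
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep BIN (first 6) and last 4 so the report never re-exposes the full PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_memory(buf: bytes) -> list:
    """Return every Luhn-valid track record found in a raw memory buffer."""
    hits = []
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1).decode()
        if luhn_valid(pan):
            hits.append({"track": 2, "offset": m.start(), "pan": mask_pan(pan),
                         "expiry": m.group(2).decode(),
                         "service_code": m.group(3).decode()})
    for m in TRACK1_RE.finditer(buf):
        pan = m.group(1).decode()
        if luhn_valid(pan):
            hits.append({"track": 1, "offset": m.start(), "pan": mask_pan(pan),
                         "name": m.group(2).decode(), "expiry": m.group(3).decode(),
                         "service_code": m.group(4).decode()})
    return sorted(hits, key=lambda h: h["offset"])


# Constructed stand-in for a dump of a POS process (not a real capture): padding,
# a Luhn-valid Track 2 record, a digit run that looks like Track 2 but fails
# Luhn (a counter or ID, not a card), and a Track 1 record. PANs are the
# well-known public test numbers; "POSAPP" is a made-up label.
SAMPLE_MEMORY = (
    b"\x00" * 16
    + b"POSAPP heap fragment "
    + b";4111111111111111=25121011234567890?"
    + b"\x00" * 8
    + b";4111111111111112=25121011234567890?"
    + b"\x00" * 8
    + b"%B5555555555554444^DOE/JANE^2512101123456789?"
    + b"\xde\xad\xbe\xef" * 4
)

if __name__ == "__main__":
    for hit in scan_memory(SAMPLE_MEMORY):
        print(hit)
```

Feed scan_memory() the contents of a process memory dump taken from a register and any hit is proof that track data is exposed in cleartext on that system; zero hits across a swipe is what you should expect once the reader encrypts at the swipe head. The Luhn filter matters in practice because register memory is full of 13-19 digit runs (transaction counters, timestamps, serial numbers) that would otherwise drown the report in false positives.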
The effort is not futile. In fact, solid guidance on how to secure these systems has been coming out in the industry since the Target payment breach more than a year ago. Our 2015 threat predictions, Trend Micro Security Predictions for 2015 and Beyond Report, detail the reboot of the POS industry, particularly as the US moves away from magnetic stripe data alone and evolves to EMV/Chip and PIN technology. One caveat worth keeping in mind: EMV makes stolen track data far less useful for producing counterfeit cards, but it does not by itself keep the card number out of the register's memory, so memory scraping remains a concern until encryption at the reader or tokenization is in place. Additionally, next generation payment systems leveraging NFC (Near Field Communications) technology will also become a focal point for cybercriminals looking for vulnerabilities and attack vectors.
Please add your thoughts in the comments below or follow me on Twitter: @jdsherry.