• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Industry News   »   Retailers may be gifted FastPOS this holiday season

Retailers may be gifted FastPOS this holiday season

  • Posted on:November 14, 2016
  • Posted in:Industry News, Security
  • Posted by:
    Trend Micro
0
Retailers must take steps to protect themselves against FastPoS malware.

Chilly weather, falling leaves and pumpkin-spiced everything are signs that the holiday season is just around the corner. Retailers have already taken steps to get ready by hiring and training personnel for these busy times. However, can they say the same for their point-of-sales systems? When a person pays with a debit or credit card, it’s swiped through a PoS device to complete the transaction, grabbing essential payment information to make the purchase. With all the data that PoS solutions handle, these systems become a likely target for malware and other cyberthreats.

Over the years, PoS malware has become more sophisticated, as seen by the Target breach in 2014. Businesses should be on the lookout for signs that FastPoS, a recent strain of PoS malware, has infected their systems. FastPOS has been updated to pose a new threat to retailers as the holidays approach, and it will be important for these organizations to review their security measures now.

The characteristics of FastPoS

In order to prepare for PoS malware, you must first understand what that particular strain is capable of. FastPoS, identified by Trend Micro as TSPY_FASTPOS.SMZTDA, directly steals credit card data from the system and exfiltrates the information to its command and control servers. Unlike some other malware strains, FastPoS aims to steal as much as possible, as fast as it can, even if that means that it’s detected. A number of small and medium businesses have likely already been infected by this malware.

With the holidays coming up, FastPoS received an update to make it ready for the biggest sales days of the year. Upgrades to any software help make it faster, more efficient and add functionality, all of which happened to the new FastPoS improvements. According to Softpedia, FastPoS can now infect computers with 32- and 64-bit architectures and abuse Windows Mailslots to target smaller businesses. If this sounds like your setup, it’s important to start reinforcing security measures now. The update serves as a reminder that the FastPoS developer is active, and the malware may become even more of a threat in the future.

How are people impacted by FastPoS?

Whether a business operates in a brick-and-mortar store, over a virtual environment or both, FastPoS can impact retailers this holiday season with attacks meant to take as much as possible before it’s found out. However, many groups are directing their focus to supporting their customer, rather than ensuring that their PoS systems are secure. According to the National Retail Federation, there’s expected to be a 3.6 percent growth in sales, to hit $655.8 billion. Revenue made during this time of the year typically makes up for nearly 20 percent of a retailer’s yearly sales, which shows just how many people shop around the holiday season.

Even with a threat like FastPoS on business systems, many consumers will likely still use their cards to pay for their goods. According to a 2015 survey conducted by Bankrate and Princeton Survey Research Associates International, 39 percent of shoppers planned to use cash, but 53 percent stated that they would use a debit or credit card for their purchases during the holidays. This makes sense because many cards, whether from a bank or from the store itself, offer a number of benefits when they’re used, like cash back or discounts. FastPoS developers understand this trend, and the update comes at a time when it’s likely to be the most deadly to retailers.

Are retailers ready for FastPoS?

Unfortunately, a number of organizations don’t appear to be prepared when it comes to deterring malware. According to a 2014 survey by the Ponemon Institute and EMC, 51 percent of respondents admitted that their PoS systems might not be able to handle the traffic that comes with the holidays. It also found that 64 percent of participants had an increase in attack activity during the holiday season, and they believe they’re more likely to experience fraud at this time. Retailers must cover all of their bases when it comes to their payment systems, in order to keep malware at bay and mitigate fraud.

It’s not too late for retailers to start securing their system against FastPoS and other malware strains. Identity Week noted that many organizations have an IT freeze during the holidays, where no new security tools or IT projects are implemented. This is done mostly to ensure that mission-critical systems are at their top performance and availability. While this can make sense when Thanksgiving draws closer, there’s still time to implement better security measures. In fact, many providers have products that won’t rock business operations when integrated. It’s in the organization’s best interest to start merging protection measures into its solutions.

“There is no logic in the argument: now is not a good time to secure our environment,” Identity Week stated.”Every day that information security is weak, is another day that your company can be exploited by hackers. And it’s another chance for your customers’ financial information to be stolen. There is no holiday season in cybersecurity.”

Why you should go the extra mile

If a retailer is operating off of pre-loaded security capabilities built into the PoS system, this isn’t going to be enough to stop all attacks. While it’s certainly a good first step, malware is constantly updated, as shown by the recent developments to FastPoS, and new, more sophisticated strains continue to emerge. These advancements often aim to exploit known security vulnerabilities within PoS solutions, and the standard security measures won’t win here.

Rather than going through your annual IT freeze, take this time to reevaluate your PoS protections. There’s enough time to make necessary changes and ensure that they work before the busiest days of the year. This effort will also provide a better experience for your customers. Malware deterrence means that no consumer will have their financial information compromised. This peace of mind is one of the best gifts to offer customers and it will reflect on the organization’s reputation and future public relations.  FastPOS has been updated in time for the holidays, but you can take action now to prevent it from impacting your business.

Related posts:

  1. Mobile buyers beware this holiday season
  2. Retailers bracing for POS malware during holiday shopping season
  3. Don’t give to cybercriminals this holiday season
  4. Holiday Shopping Scams: ‘Tis the Season for Data Protection

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Detected Cyber Threats Rose 20% to Exceed 62.6 Billion in 2020
  • Trend Micro Recognized on CRN Security 100 List
  • Trend Micro Reports Solid Results for Q4 and Fiscal Year 2020
  • Connected Cars Technology Vulnerable to Cyber Attacks
  • Trend Micro Asks Students How Their Relationship to the Internet Has Changed During COVID-19
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.