Point-of-sale (POS) malware is an attack on information security and is a problem that has reached massive measures. As a result, it has become extremely damaging to many companies, more so than almost any other cyber threat.
Even though the POS system threat is much less complex than other malware threats, like the banking trojans that have been happening, it can still be extremely damaging.
Attacks on POS Systems: Dealing with Malware
The attack becomes public quickly after being discovered; it usually comes from somebody outside the affected business. So the overall damage ends up affecting the customers, the card issuers, the card corporations, and the business service providers.
The business that has been a victim of a POS malware attack experienced is the victim of cybercriminals, sometimes organized cyber gangs. The POS malware is designed to look for and steal credit and debit card data from both the process and storage points.
You could deduce that using POS malware is very profitable because it’s a much easier and safer way for cybercriminals to get all that card information without worrying about their face showing up on a security camera.
How POS Systems Work
POS trojans work similarly: RAM scrapers because they are designed to dig into parts of a POS terminal memory to find card data and send it to the cybercriminal.
Once the card transaction is processed through the POS terminal point, the card’s data is automatically and instantly stored on whatever endpoints the retailer has set up. Encryption is designed to protect the data completely, but there is a split-second window in which the information is still unencrypted. At the same time, it waits for the authorization to finish, saving it in process memory.
The split-second window of opportunity the POS trojans use to attack gives them just the right amount of time to scan the RAM in search of card data and then “scrape” it from there; this is why the name of “RAM scrapers.”
This data is extremely important because it has the cardholder’s name, primary card number, security code, and other pertinent details. Once the cybercriminals have the data, it is sent out at a predetermined time, making it appear as unassuming as possible, or the criminals can extract it on demand.
Hiding surreptitiously on POS terminals or servers that store this data, these trojans can gather large numbers of cards and transmit them to cybercriminals. Unless they are detected, they can cause much more harm with every minute that goes by.
How are POS Systems Getting Infected
Putting malware on POS terminals is getting easier over time. Is this possible? In previous years, POS terminals were considered proprietary equipment that different vendors supplied.
They were each different and were not usually open to any activity except processing payments. It was very difficult to alter the old POS terminals without hands-on access to the machine.
These days, POS terminals are just simple computers with Windows or UNIX operating systems, similar to Windows XP. These systems are easy to utilize from a technical standpoint, especially with the sophistication and available resources the cybercriminals have nowadays.
Utilization possibilities are endless when employees are required to use that same terminal to receive an email from the main offices of the chain stores. But, unfortunately, this largely increases the chance of malware infection.
Updates add more problems to the mix. For example, updates that have to be sent out to many terminals at once require people to have regular remote access, cybercriminals prey on that.
Some merchants hire outside technical support, which means installing remote control tools on all the terminals so that troubleshooting is easier; this is another area the criminals use to try to slip in. This makes it even easier to exploit when the merchant continues to use the same default password for remote accessibility.
7 Years Elapsed Time?!
All of these changes have occurred in the last seven years; unbelievable! Imagine what can happen in the next seven years. We need to up our game and devise a foolproof way to prevent this; they also find a way to catch those who commit this act much quicker than we do now.
Catching them sooner will help alleviate many security breaches in sensitive places. So what are we doing to stop POS malware cyber attacks, and how can we become more adaptable to this threat?
We need to keep malware from ever making it to the POS terminals. The framework that processes card payments must be protected by all means possible. We must stop the utilizing attempt as soon as it happens, no matter what new vulnerability is being influenced.
We need to encrypt that data in a much more powerful way. However, because of the tiny lapse in time where it is not encrypted, it is very vulnerable. Security pros have been working on enforcing end-to-end encryption to close that gap.
Possible technological solutions to keep the data obscured at all times will hopefully disrupt the RAM-scraping cyber attacks. In addition, if the data is kept encrypted, the criminals won’t get any information they can use, even if they successfully steal it.
Block extraction attempts the moment they happen. Then, cover all bases with the optimal ability to detect and block the extraction of information from your terminals and servers. Great! So why doesn’t everyone just permanently shut POS malware cyber attacks down? Unfortunately, that’s where things are going right now. Read more about POS Quote here.
On the compliance side, PCI DSS v3.1 is the current administration of the new payment card security norm. The council demands stronger encryption, but many still believe it is insufficient. They feel it should require full disk encryption on all POD terminals processing card payments.