Point-of-sale (POS) malware is an information-security threat that has reached massive proportions. It has become extremely damaging to many companies, more so than almost any other cyber threat.
Even though POS malware is much less complex than other malware threats, such as banking trojans, it can still be extremely damaging.
An attack usually becomes public very quickly after it is discovered, and the discovery usually comes from somebody outside the affected business. The overall damage ends up affecting the customers, the card issuers, the card companies, and the business's service providers.
A business hit by a POS malware attack is the victim of cybercriminals, sometimes of organized cyber gangs. POS malware is designed to look for and steal credit and debit card data at both the point of processing and the point of storage.
It is easy to see why POS malware is so profitable: it is a much easier and safer way for cybercriminals to get card data in bulk, without ever having to worry about their face showing up on a security camera.
How POS Systems Work
POS trojans all work in basically the same way. They are called RAM scrapers because they are designed to dig into parts of a POS terminal's memory to find card data and send it to the cybercriminal.
Once a card transaction is processed through the POS terminal, the card's data is automatically and instantly stored on whatever endpoints the retailer has set up. Encryption is designed to protect the data completely, but there is a split-second window in which the information is still unencrypted, held in process memory while it waits for authorization to finish.
That split-second window gives the POS trojans just enough time to scan RAM for card data and "scrape" it from there, which is where the name "RAM scrapers" comes from.
This data is extremely valuable because it includes the cardholder's name, the primary account number and its security code, plus many other pertinent details. Once the malware has the data, it sends it out at predetermined times, so that the traffic looks as unremarkable as possible, or the criminals can extract it on demand.
Hiding surreptitiously on POS terminals or on the servers that store this data, these trojans can gather large numbers of card records and transmit them to the cybercriminals, and, unless they are detected, they cause more harm with every minute that goes by.
How Are POS Systems Getting Infected?
Putting malware on POS terminals is getting easier over time. How is that possible? In previous years, POS terminals were proprietary equipment supplied by different vendors.
Each was different, and they were not usually open to any activity other than processing payments. It used to be very difficult to alter an old POS terminal without hands-on access to the machine.
These days, POS terminals are just ordinary computers running a Windows or UNIX operating system, much like a Windows XP machine. From a technical standpoint these systems are easy to exploit, especially with the sophistication and resources cybercriminals have nowadays.
The opportunities for exploitation multiply when employees are required to use that same terminal to read email from the chain's head office. This greatly increases the chance of a malware infection.
Updates add more problems to the mix. Updates that have to be pushed to many terminals at once require people to have regular remote access, and cybercriminals prey on that.
Some merchants hire outside technical support, which means installing remote-control tools on all the terminals to make troubleshooting easier; this is another avenue criminals use to slip in. It is even easier to exploit when the merchant keeps using the same default password for remote access.
7 Years Elapsed Time?!
All of these changes have occurred in the last seven years, which is hard to believe. Imagine what can happen in the next seven. We really need to up our game: come up with a foolproof way to prevent this from happening, and find a way to catch those who commit these attacks much quicker than we do now.
Catching them sooner will help reduce the number of security breaches in sensitive places. So what are we doing to stop POS malware attacks, and how can we become more resilient in the face of this threat?
We need to keep malware from ever reaching the POS terminals in the first place. The infrastructure that processes card payments needs to be protected by every means possible. We need to stop an exploitation attempt as soon as it happens, no matter what new vulnerability is being leveraged.
We need to encrypt the data much more thoroughly. The tiny window in which it is not encrypted leaves it very vulnerable. To close that gap, security professionals have been working on enforcing end-to-end encryption.
Technical solutions that keep the data obscured at all times should disrupt RAM-scraping attacks: if the data is always encrypted, the criminals get nothing they can use even if they succeed in stealing it.
Block extraction attempts the moment they happen. Cover all bases with the best possible ability to detect and block the exfiltration of information from your terminals and servers. Great! So why doesn't everyone just shut POS malware attacks down permanently? Actually, that is where things are heading right now.
On the compliance side, PCI DSS v3.1 is the current version of the payment card security standard. The council is demanding stronger encryption, but many still believe it is not enough: they feel it should require full-disk encryption on all POS terminals used to process card payments.
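As an added example that is not from the original article, here is a small egress check of the kind the "block extraction attempts" advice calls for, aimed at the scheduled or on-demand uploads described under "How POS Systems Work": it scans outbound payloads for candidate card numbers (13 to 19 digits that pass the Luhn check), reports them masked so the alert itself leaks nothing, and ignores look-alike numbers such as order ids. The destinations, payloads and function names are all constructed for the example.

```python
import re

# Candidate PANs: 13 to 19 contiguous digits not bordered by other digits.
_PAN_CANDIDATE = re.compile(r"(?<!\d)\d{13,19}(?!\d)")

def luhn_valid(digits: str) -> bool:
    """True if the digit string passes the Luhn check used for card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ord(ch) - ord("0")
        if i % 2 == 1:  # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0

def mask_pan(pan: str) -> str:
    """Keep at most the first six and last four digits, as PCI DSS allows for display."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]

def find_pans(payload: str) -> list:
    """Masked PANs found in an outbound payload; candidates failing Luhn are ignored."""
    return [mask_pan(m.group()) for m in _PAN_CANDIDATE.finditer(payload)
            if luhn_valid(m.group())]

def scan_egress(flows) -> list:
    """flows: iterable of (destination, payload). Returns (destination, masked PANs)
    for every flow that carries card numbers."""
    hits = []
    for dst, payload in flows:
        pans = find_pans(payload)
        if pans:
            hits.append((dst, pans))
    return hits

# Constructed sample flows: a normal processor call, and an upload of scraped numbers
# (the PANs are well-known test numbers; the last one fails Luhn and is not reported).
SAMPLE_FLOWS = [
    ("api.example-processor.test:443", "order=1700000000000&status=approved"),
    ("203.0.113.7:8080", "4111111111111111|5500000000000004|4111111111111112"),
]

if __name__ == "__main__":
    for dst, pans in scan_egress(SAMPLE_FLOWS):
        print(f"ALERT: {len(pans)} card number(s) sent to {dst}: {', '.join(pans)}")
```

A scraper that encodes or encrypts its upload defeats a plaintext check like this, so the same PAN check belongs on the host (an endpoint agent inspecting files and process memory) as well as at the network egress.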