As reported by the Israel-based IT security firm Seculert, malware has been found in POS systems in 40 countries, stealing credit card information from hundreds of thousands of consumers. Why should this matter to security integrators? Read on…
“Dexter” – the name given to the malware – appears to target Windows-based systems and servers, and uses a command and control server to tailor attacks and collect stolen data. It is custom-made, and has been used over the past 2-3 months to infect hundreds of POS systems. Some of the targeted systems include big-name retailers, hotels, restaurants and even private parking providers.
One of the unknowns is the method of delivery, since many of the affected systems are servers which would typically not be used for web browsing or other common tasks which might result in infection. It is believed that the attackers may have compromised other computers or devices on the same network, then launched an attack on the server from inside the target’s network.
Once installed, Dexter looks for processes that correspond to specific POS systems, and when it finds them, dumps the memory and parses it for credit card (track one and two) information to send to the C&C server. End-to-end encryption, which protects data from the card reader all the way to the payment processor, would prevent the attack from being successful – but adoption of this technology is slow due to the cost of new hardware.
Security integrators should be concerned about the possibility of their hardware being an attractive vector for future attacks. With the proliferation of DVR/NVR systems (and other security equipment) that integrate with POS – or those that simply share the store LAN/WAN – attackers may find these targets irresistible. PC-based video recorders, in particular, would provide a powerful platform from which to probe the network and infect vulnerable systems. See this post for additional thoughts on the subject.
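The two network behaviours described above, a device on the store LAN reaching into the POS systems and a POS host talking to an outside server, can be looked for in flow logs. The following Python check is an added example, not code from the original post or from Seculert; the subnets, allowlists and flow records are constructed assumptions for a hypothetical store network.

```python
import ipaddress

# Assumed store addressing plan; every value here is constructed for the example.
POS_NET = ipaddress.ip_network("10.20.1.0/24")    # POS terminals and POS server
VIDEO_NET = ipaddress.ip_network("10.20.5.0/24")  # DVR/NVR and cameras
# Hosts outside the POS segment that may connect into it (hypothetical patch server).
ALLOWED_INTO_POS = {ipaddress.ip_address("10.20.9.5")}
# Destinations POS hosts may reach outside their segment (hypothetical processor gateway).
ALLOWED_POS_EGRESS = {(ipaddress.ip_address("203.0.113.25"), 443)}

# Constructed flow records, one per line: source, destination, destination port.
SAMPLE_FLOWS = """\
10.20.1.21 203.0.113.25 443
10.20.9.5 10.20.1.10 8530
10.20.5.40 10.20.1.10 445
10.20.1.21 198.51.100.77 80
10.20.5.40 10.20.5.41 554
not-a-flow-record
"""


def parse_flows(text):
    """Yield (src, dst, port) tuples, skipping lines that do not parse."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            yield (ipaddress.ip_address(parts[0]),
                   ipaddress.ip_address(parts[1]), int(parts[2]))
        except ValueError:
            continue


def audit(text):
    """Return flows that cross the POS boundary without being allowlisted."""
    findings = []
    for src, dst, port in parse_flows(text):
        if dst in POS_NET and src not in POS_NET:
            if src not in ALLOWED_INTO_POS:
                kind = "video-to-pos" if src in VIDEO_NET else "other-to-pos"
                findings.append((kind, str(src), str(dst), port))
        elif src in POS_NET and dst not in POS_NET:
            if (dst, port) not in ALLOWED_POS_EGRESS:
                findings.append(("pos-unexpected-egress", str(src), str(dst), port))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_FLOWS):
        print(*finding)
```

A finding of either kind is a reason to check the firewall or VLAN rules between the recorder segment and the POS segment, since the recorder should have no path to the POS server at all.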