Wednesday, March 23, 2016

What is POS Malware?

POS malware is malware that cybercriminals use to steal victims' sensitive credit card data, which they then exploit for malicious purposes, causing heavy financial loss to the victims.

POS malware infects a POS system and collects a user's credit card data from the system when the card is swiped to make a payment.

What is POS?

POS, or Point of Sale, is the time and place where a retail transaction is completed.

Merchants normally use a system to collect POS data from customers. The POS system may consist of a weighing scale, a scanner, electronic and manual cash registers, a payment terminal, etc. When a customer makes a payment, the POS system registers the customer's POS data after the payment is made.

In a POS malware attack, cybercriminals use malware to infect the POS system and extract users' sensitive credit card data from it.

Different methods of getting credit card data

In earlier days, cybercriminals used additional hardware to steal users' credit card data from the POS system. They would often install the malicious hardware in the POS system and read the sensitive data from cards whenever they were swiped.

But cybercriminals gradually found this attack to be very inconvenient, so they started infecting the POS system with malware to collect the sensitive data.

How does POS malware obtain credit card data?

POS malware typically uses several steps to infect a POS system and collect sensitive data from it. The steps of a typical POS malware attack are described below:

Infiltration of the corporate network

To install malware on a POS system, attackers first need access to the system. A POS system is not normally connected to the internet, but it is connected to the corporate network. So the attackers first try to infiltrate the intended corporate network.

Attackers may use several methods to gain access to the corporate network. They may use an SQL injection attack against a web server, break into a device using a default manufacturer password, or send phishing emails to an individual within the organization, and then perpetrate more attacks to infiltrate the intended corporate network.

Gaining Access to the POS Systems

After infiltrating the intended corporate network, attackers try to gain access to the intended POS Systems.

The simplest methods for that purpose may be to use keylogging Trojans, extract password hashes from the server, or apply brute-force methods to obtain login credentials for the systems.

Stealing Data

Normally, when sensitive credit card data travels from one system to another, it is encrypted. But the data is not encrypted while it is not being transferred or stored.

Attackers typically use RAM-scraping malware to obtain the data from RAM whenever a credit card is swiped and the data is held in RAM temporarily.

Maintaining Stealth

As the attackers mostly manage to get administrative credentials for the systems, they often scrub logs, disable monitoring software and systems, or modify the configuration of the security software to avoid detection.


After collecting the sensitive data, the attackers connect to a staging server, from which the data is transmitted to them later.

The attackers normally compromise an internal system that frequently connects with the POS systems and use that internal system as a staging server. Then, at a suitable time, the data is transferred to the attackers, often by exploiting a number of internal systems.


The use of EMV, or “chip and PIN”, technology can reduce POS malware attacks to a large extent.

EMV cards contain embedded microprocessors that provide strong transaction security. EMV cards never transmit credit card data in the clear, which makes them considerably less attractive to cybercriminals. These cards are very difficult for attackers to clone.

And the use of two-factor authentication, proper network segmentation and monitoring software always helps.
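As an added example (not code from the original post), here is one monitoring check for the staging-server behaviour described above: it flags an internal host that several POS terminals contact outside their allow-list and that later sends data out of the corporate network. The subnets, the allow-listed payment switch, the threshold and the flow records are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Assumed layout for this example (not from the original post).
POS_NET = ipaddress.ip_network("10.20.0.0/24")       # POS terminal segment
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")    # whole corporate network
ALLOWED_POS_PEERS = {"10.10.0.5"}                    # payment switch terminals may reach
MIN_TERMINALS = 2                                    # distinct terminals before a host is suspect

# Constructed flow records: (timestamp, source, destination, bytes).
FLOWS = [
    (100, "10.20.0.11", "10.10.0.5", 900),       # normal payment traffic
    (105, "10.20.0.12", "10.10.0.5", 850),
    (110, "10.20.0.11", "10.30.0.77", 4096),     # terminals reaching an unexpected host
    (115, "10.20.0.12", "10.30.0.77", 4100),
    (120, "10.20.0.13", "10.30.0.77", 3900),
    (130, "10.30.0.40", "203.0.113.9", 500),     # unrelated outbound traffic
    (900, "10.30.0.77", "203.0.113.50", 12500),  # later transfer out of the network
]

def in_net(ip, net):
    return ipaddress.ip_address(ip) in net

def find_staging_candidates(flows):
    """Return {host: {"terminals": [...], "outbound_bytes": n}} for internal
    hosts that receive traffic from several POS terminals outside the
    allow-list and afterwards send data outside the corporate network."""
    collectors = defaultdict(set)   # internal host -> terminals that contacted it
    first_seen = {}                 # internal host -> time of first such contact
    outbound = defaultdict(int)     # internal host -> bytes sent out afterwards
    for ts, src, dst, nbytes in sorted(flows):
        pos_to_internal = in_net(src, POS_NET) and in_net(dst, INTERNAL_NET)
        if pos_to_internal and dst not in ALLOWED_POS_PEERS:
            collectors[dst].add(src)
            first_seen.setdefault(dst, ts)
        elif src in first_seen and not in_net(dst, INTERNAL_NET):
            outbound[src] += nbytes
    return {
        host: {"terminals": sorted(terms), "outbound_bytes": outbound[host]}
        for host, terms in collectors.items()
        if len(terms) >= MIN_TERMINALS and outbound[host] > 0
    }

if __name__ == "__main__":
    for host, info in find_staging_candidates(FLOWS).items():
        print(host, info)
```

With proper segmentation the first rule should never fire at all, so in practice any POS-to-unlisted-host flow is worth an alert on its own.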

So, be aware of the various kinds of malware and how to combat them efficiently, so that you can protect yourself better. And stay safe, stay protected.