By Robert Lemos 15.05.14
Online thieves are expanding their use of malware to steal credit- and debit-card information from point-of-sale systems, easily defeating many defenders’ uneven efforts to keep them out, according to a report released on May 12 by Arbor Networks, a network security firm.
Small companies do not have the security expertise to deal with securing their networks and detecting attacks, while the complexity of large corporate networks makes detecting the signs of an attack more difficult, Curt Wilson, an analyst with Arbor’s Security Engineering ; Response Team (ASERT), told eWEEK.
“When you are a large organization, it only takes one error in permissions or one error in access controls; all it takes is one hole like that to allow attackers to get in,” he said.
The Arbor report describes many of the existing malicious programs that target point-of-sale (POS) systems and the ways that companies can detect the telltale signs of infections by such malware. BlackPOS, well-known for its use in the breach of retailer Target, searches for internal systems and has some specific encryption keys that could tip off IT administrators to its presence. Alina, another popular malware program, uses a 666 response code that, with other indicators, could be a way to detect the program.
The menagerie of malware shows that attacks on POS systems have evolved from simple compromises that exfiltrated card data to memory-scraping malware controlled by botnet infrastructure, Wilson said. Detecting and blocking such attacks should not be difficult, he said.