
Malware spotlight: Point of sale malware

Introducing point of sale malware

Point of sale (PoS) systems are the payment devices you find at almost any store. Depending on their level of sophistication, they let a customer swipe a magnetic-stripe card, insert a chip-based (EMV) card or tap a contactless card or mobile device in order to make a payment.

In order to authorize a payment, these devices need to read the card's payment data and send it to a payment processor, and ultimately the card issuer, for approval. On modern deployments that link is usually an ordinary internet connection.

Wherever internet-connected devices handle valuable data such as payment card details, cybercriminals will target them. Point of sale malware is designed to reside on a PoS terminal or the back-office system that drives it, harvest the data of every card used on that terminal and transmit the harvested data back to the attacker over the internet.

How point of sale malware works

Like any other type of malware, a point of sale malware infection begins by gaining a foothold on the target device. This can be accomplished in a variety of ways. Many PoS terminals are aging systems running general-purpose operating systems that are rarely patched, so they can carry known, exploitable vulnerabilities or still use default or vendor-shared credentials for remote administration. A failure to properly segment PoS systems from partner networks or from the organization's own internal network can also hand an attacker who has compromised a less protected system a direct path to the PoS environment.

Once installed and executing on the target devices, point of sale malware operates as a simple memory scraper. Payment card data is normally encrypted for transmission to the processor, but unless the card reader itself encrypts the data (point-to-point encryption, where only the processor can decrypt it), the PoS application handles the card data in cleartext in RAM for the brief moment between reading the card and building the authorization request. The malware repeatedly reads the memory of the PoS process and searches it for byte sequences matching the Track 1 or Track 2 formats used on the magnetic stripe of payment cards; most families also run a Luhn check on the candidate card number to discard false positives. Any collected data is then written to a local file and exfiltrated to the attacker over the internet.


*** This is a Security Bloggers Network syndicated blog from Infosec Resources authored by Howard Poston. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/bb76XuJef9g/