
Wednesday, July 23, 2014

Is your Point of Sale machine protected against attacks?

In case the coverage of last year’s Target breach did not drive this point home: criminals are very interested in retailers’ Point of Sale (PoS) machines. Because so many credit card numbers pass through these systems, and they are often insufficiently guarded, criminals see them as very low-hanging fruit for theft. Recently, a new type of malware has been found that specifically tries to break into PoS machines. ESET detects this threat as Win32/BrutPOS.A.
The idea behind BrutPOS is that it tries to brute-force its way into PoS machines by trying a variety of (overused) passwords in order to log in via Remote Desktop Protocol (RDP). It is unclear at this time how this malware is being spread, but it is likely just one component of an attacker’s toolkit – that is to say, it is probably being used in concert with other malware, possibly depending on the defenses (or lack thereof) on the machines being attacked. Once the machine has been breached, the trojan installs a “RAM Scraper” which collects credit card numbers from the memory of the PoS machine and sends them back to the attackers via FTP. Many of the systems on which this malware has been found belong to small businesses, which are particularly desirable targets for such theft.
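A defender's view of the RDP password-guessing stage described above, as an added example that is not part of the original post: it flags a source address that produces a burst of failed remote logons and escalates when a successful logon from the same address follows. The log format, the function name `detect_rdp_bruteforce`, the threshold and the time window are assumptions made for illustration; the sample events are constructed, standing in for an export of Windows Security events 4625 (failed logon) and 4624 (successful logon).

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample (not real data): timestamp,event_id,logon_type,source_ip,account
# Stands in for a simplified export of Windows Security events 4625 and 4624.
SAMPLE_EVENTS = """\
2014-07-23T02:00:01,4625,10,203.0.113.7,administrator
2014-07-23T02:00:03,4625,10,203.0.113.7,administrator
2014-07-23T02:00:05,4625,10,203.0.113.7,administrator
2014-07-23T02:00:08,4625,10,203.0.113.7,admin
2014-07-23T02:00:10,4625,10,203.0.113.7,backup
2014-07-23T02:00:12,4624,10,203.0.113.7,administrator
2014-07-23T09:15:00,4625,10,198.51.100.20,manager
2014-07-23T09:15:30,4624,10,198.51.100.20,manager
"""

FAILED, SUCCESS = "4625", "4624"
# 10 = RemoteInteractive (RDP); 3 = Network, seen for RDP when NLA is enabled (assumed in scope)
RDP_LOGON_TYPES = {"3", "10"}

def detect_rdp_bruteforce(text, threshold=5, window=timedelta(minutes=5)):
    """Alert on sources with >= threshold failed logons inside the window;
    record the account if a success from the same source follows the burst."""
    recent = defaultdict(deque)  # source_ip -> timestamps of recent failures
    alerts = {}                  # source_ip -> alert record
    for line in text.strip().splitlines():
        ts, event_id, logon_type, src, account = line.split(",")
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        q = recent[src]
        while q and when - q[0] > window:  # drop failures older than the window
            q.popleft()
        if event_id == FAILED:
            q.append(when)
            if len(q) >= threshold:
                alert = alerts.setdefault(src, {"source": src, "first_alert": ts,
                                                "failures": 0, "success_after_burst": None})
                alert["failures"] = max(alert["failures"], len(q))
        elif event_id == SUCCESS and src in alerts and q:
            alerts[src]["success_after_burst"] = account  # likely guessed password
    return list(alerts.values())
```

A non-empty `success_after_burst` is the case to treat as an incident rather than noise: the guessing stopped because a login worked.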

