Security researchers at Cisco found that a type of point-of-sale malware called Pro POS, which made the rounds recently, was very easy to use and obtain, and was actually much less sophisticated than experts initially thought. What makes this POS malware so simple, and why can't enterprises stop it?
What was once advanced is now common, and less-skilled attackers can successfully adopt the techniques to attack enough systems to profit. This appears to be the case with Pro POS, the point-of-sale malware uncovered by Cisco security researchers. The malware authors appear to have started with a leaked version of the Alina malware, changed a couple of names and potentially added new, unfinished functionality to target point-of-sale systems. The malware authors added rootkit functionality, but it doesn't appear to have been utilized yet. Pro POS malware also includes functionality for executing code that was not correctly implemented, where the password "Password" was used to encrypt a file. The malware is full of operational security vulnerabilities, according to Cisco researchers, including a major flaw that allows arbitrary PHP execution.
Pro POS has significant vulnerabilities and simple operations, but even with these limitations, it can still be used to compromise POS systems because of those systems' weaknesses. Enterprises may not be able to stop it because the malware could have been modified just enough to bypass standard signature-based antimalware checks, and it could potentially be loaded onto the POS systems via a USB drive or other mechanism. Securing legacy POS systems that have not been upgraded to support Chip and PIN functionality, and making moves to support EMV technology, carries significant costs. Businesses, regardless of size, need to implement the necessary security controls in PCI DSS to ensure their POS systems are protected and to migrate to Chip and PIN functionality.