A new type of malware targeting point-of-sale (POS) systems called ModPOS targeted retailers over the holiday season and compromised millions of credit card accounts. How does this new POS malware work, and can anything be done about it?
Most POS malware seems to have the same functionality and the same end goal of stealing credit card information. Anything beyond that might be seen as a waste of time for credit card fraud rings that target many different POS systems and retailers. The extra effort to hide malware past the period of time it takes a bank to determine if a merchant has been compromised might also be seen as a waste. It was previously thought that attackers would not make the effort to organize targeted custom attacks using advanced techniques, but as iSIGHT Partners discovered while investigating the ModPOS malware, some criminals are doing just that.
The ModPOS malware has the same basic functions as most POS malware, but what sets it apart is the customization and the seemingly professional-level software development behind it. Three of ModPOS' relatively unusual functions are: downloading updated binaries from websites inside Web error messages, on the assumption that an IDS will ignore a connection once the remote server has returned an error on it; using packed kernel modules for the malware's operations, which makes the executables more difficult to detect and analyze; and carrying a large library of functions that can be reused.
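The first of those three tricks rests on an assumption a defender can turn around: a real error page is small, textual and contains markup, so an error response that carries an executable header, a binary content type or an oversized body is worth an alert. The following Python is an added example written for this answer, not code from the original page or from iSIGHT Partners; the HTTP responses it scans are constructed for the example, and the size threshold and content-type lists are assumptions to tune per environment.

```python
"""Flag HTTP error responses whose bodies look like delivered binaries.

Added example (not from the original page or from iSIGHT Partners).
Sample responses below are constructed; thresholds are assumptions.
"""
import re

MAX_ERROR_BODY = 4096  # assumption: genuine error pages are small
EXEC_MAGIC = (b"MZ", b"\x7fELF", b"PK\x03\x04")  # PE, ELF, zip/jar
TEXT_TYPES = ("text/", "application/json", "application/xml",
              "application/xhtml")


def parse_response(raw: bytes):
    """Split a raw HTTP/1.x response into (status, headers dict, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    match = re.match(rb"HTTP/\d\.\d (\d{3})", lines[0])
    if not match:
        raise ValueError("not an HTTP response")
    headers = {}
    for line in lines[1:]:
        key, _, value = line.partition(b":")
        headers[key.strip().lower().decode("latin-1")] = (
            value.strip().decode("latin-1"))
    return int(match.group(1)), headers, body


def error_response_findings(raw: bytes):
    """Return the reasons an error response looks suspicious ([] if clean).

    Only statuses >= 400 are examined: a binary on a 200 is an ordinary
    download and is covered by other controls.
    """
    status, headers, body = parse_response(raw)
    if status < 400:
        return []
    findings = []
    if body[:4].startswith(EXEC_MAGIC):
        findings.append("executable magic bytes in error body")
    ctype = headers.get("content-type", "").lower()
    if ctype and not ctype.startswith(TEXT_TYPES):
        findings.append(f"non-text content type on error: {ctype}")
    if len(body) > MAX_ERROR_BODY:
        findings.append(f"oversized error body: {len(body)} bytes")
    # An error page that claims to be HTML but carries no markup at all is
    # the cheapest "this is not really an error page" heuristic.
    if ctype.startswith("text/") and len(body) >= 64 and b"<" not in body:
        findings.append("text content type but body contains no markup")
    return findings


# Constructed sample traffic (not captured from any real system).
SAMPLE_RESPONSES = {
    "benign_404": (
        b"HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n"
        b"<html><body><h1>404 Not Found</h1></body></html>"),
    # A 404 whose body is a fake PE image: magic bytes, then zero padding.
    "pe_in_404": (
        b"HTTP/1.1 404 Not Found\r\nContent-Type: text/html\r\n\r\n"
        b"MZ\x90\x00" + b"\x00" * 60 + b"PE\x00\x00" + b"\x00" * 5120),
    # A 500 that hands back raw bytes instead of an error page.
    "octet_500": (
        b"HTTP/1.1 500 Internal Server Error\r\n"
        b"Content-Type: application/octet-stream\r\nContent-Length: 16\r\n\r\n"
        + bytes(range(1, 17))),
    # A normal binary download on a 200 is out of scope for this check.
    "benign_200_download": (
        b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\n"
        b"MZ\x90\x00" + b"\x00" * 100),
}


def scan(responses):
    """Map each sample name to its findings, keeping only flagged ones."""
    return {name: f for name, raw in responses.items()
            if (f := error_response_findings(raw))}


if __name__ == "__main__":
    for name, reasons in scan(SAMPLE_RESPONSES).items():
        print(name, "->", "; ".join(reasons))
```

In a real deployment the same checks would run on a proxy or IDS that exposes response bodies; the point is that an error status is a reason to look harder at a connection, not a reason to stop looking.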
The same steps mandated by PCI DSS as part of basic cyber hygiene can be used to prevent attacks like ModPOS. iSIGHT Partners' published findings and threat intelligence can help other enterprises defend their systems, but it should be noted that the malware seems to be customized on a target-by-target basis. The component detected as malware prior to iSIGHT Partners' publication was not identified as POS malware and was labeled as a low risk. While the malware is a low risk to the general public, if it is found in a POS environment, it should be thoroughly investigated.
Related Q&A from Nick Lewis