Types of Malware Targeting Point of Sale Systems
January 24, 2014 | POSTED BY JERALD DAWKINS IN MALWARE, PCI, TOKENIZATION
In light of the recent Target event, there has been an uptick in activity around malware that specifically targets Point of Sale systems. The most common ones that seem to be referenced are the following:
Affects Windows-based Point of Sale systems. The attack essentially sits in between the card reader and the POS application. Track data (data that can be used to replicate a physical credit card) is extracted and uploaded to a remote server via FTP.
A successor to BlackPOS, Trojan.POSRAM monitors RAM to identify unencrypted track data. In this scenario, you could be encrypting at the card reader, but if any time during the data flow the data is unencrypted (say to pass to a processor) then the data is exfiltrated.
Dexter is also Windows-based with several active variants. Similar to BlackPOS, it extracts data by sitting between card readers and the POS application.
Reports say that VSkimmer is a successor to Dexter targeting Windows-based systems. This one is interesting because even if the system cannot communicate to the Internet, it waits to propagate all collected data through a USB drive.
The take away from analyzing these pieces of malware is that we need to be diligent in protecting our credit card segments, whether you use a virtual terminal (website for processing) or a credit card swipe device. This malware could just as easily impact a small merchant as it did Target. The PCI-DSS requires controls that prevent these attacks from happening. However, stuff happens?
Using tokenization (such as a cloud-based tokenization platform like TokenEx
would not prevent these attacks from taking place. However (and this is a big HOWEVER), tokenization would render the stolen data useless to the attacker. If Target had been using tokenization throughout their environment, I wonder if we would have even known about the attack.