Most of us were stunned to hear about the economically devastating malware attacks on several U.S. retail chains this past December. More than 70 million customers are potentially impacted by the breach at Target stores alone. But what’s most surprising is how easy it was for cybercriminals to use off-the-shelf malware to exploit point-of-sale (POS) system vulnerabilities.
POS Malware Is Not New
Besides addressing common security threats, retailers must also battle a cybercrime ecosystem that is primarily focused on POS systems. Over the last few years, we’ve seen a notable increase in the number of POS malware families, including POSCardStealer, Dexter, Alina, vSkimmer, and ProjectHook, many of which can be purchased online. The cybercrime industry and its role in POS attacks are detailed in the recent McAfee Labs Threats Report: Fourth Quarter 2013.
More Details on the Target Breach
In cooperation with various agencies, McAfee Labs learned that BlackPOS malware was used to steal customer data handled by Target POS systems. This malware is sold as an off-the-shelf exploit kit that can be easily modified and redistributed with little programming skill or knowledge of malware functionality. BlackPOS source code has also been leaked multiple times.
The attackers customized BlackPOS for the Target environment, adding hardcoded scripts to the malware components that accessed information such as Active Directory domain names, user accounts, and IP addresses of Server Message Block (SMB) shares. The scripts were stored in plain text, and the stolen data was transmitted in clear text (i.e., unencrypted) via FTP to its destination, which left the POS systems particularly exposed.
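As an added example that is not part of the original post, the following Python shows how a defender might flag two of the behaviours described above: POS hosts opening clear-text FTP sessions to external addresses, and Track-2-formatted card data appearing in a plaintext payload. The connection-log lines, the POS subnet, and the PAN (a standard test number) are all constructed for illustration.

```python
import ipaddress
import re

# Constructed connection-log lines (not from the original post): ts src dst dport proto
SAMPLE_CONN_LOG = """\
2013-12-02T03:14:07Z 10.50.1.21 10.50.0.5 445 tcp
2013-12-02T03:14:09Z 10.50.1.21 203.0.113.45 21 tcp
2013-12-02T03:15:11Z 10.50.1.37 10.50.0.9 443 tcp
2013-12-02T03:16:40Z 10.50.2.14 198.51.100.77 21 tcp
2013-12-02T03:17:02Z 10.20.3.8 198.51.100.77 21 tcp
"""

# Constructed plaintext FTP payload carrying one Track-2 record built from a test PAN.
SAMPLE_FTP_PAYLOAD = b"STOR dump.txt\r\n;4111111111111111=15121010000000000?\r\n"

# Track 2 layout: ';' PAN '=' YYMM service-code discretionary-data '?'
TRACK2_RE = re.compile(rb";(\d{13,19})=\d{4}\d{3,}\??")

# RFC 1918 ranges treated as internal; anything else is "external" for this check.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def luhn_ok(pan: str) -> bool:
    """Luhn checksum, used to drop random digit runs that merely look like PANs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0

def flag_pos_ftp_egress(log_text: str, pos_subnet: str = "10.50.0.0/16"):
    """Return (src, dst) pairs where a POS host opens clear-text FTP (tcp/21) to a non-internal address."""
    pos_net = ipaddress.ip_network(pos_subnet)
    hits = []
    for line in log_text.splitlines():
        _ts, src, dst, dport, proto = line.split()
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        external = not any(d in n for n in INTERNAL_NETS)
        if s in pos_net and proto == "tcp" and dport == "21" and external:
            hits.append((src, dst))
    return hits

def find_track2(payload: bytes):
    """Return Luhn-valid PANs found in Track-2 layout inside a plaintext payload."""
    return [m.group(1).decode() for m in TRACK2_RE.finditer(payload) if luhn_ok(m.group(1).decode())]
```

The same two checks can be pointed at real firewall logs and captured FTP data streams; only the log field order and the POS subnet need adjusting.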
Cybercriminals are constantly on the move, looking for ways to evade popular antimalware applications and controls. Every day, McAfee discovers new cryptors, packers, and other obfuscation methods used to avoid detection. Some attackers purchase software online that can test whether the Trojans they created will slip past their targets’ defenses and popular security apps.
Security by Design – Call to Action for OEMs
The security landscape for retailers is extremely challenging, especially for those with a large assortment of retail devices. The best defense against data-stealing malware is comprehensive threat protection, which is essentially an end-to-end security approach that allows the network to identify advanced malware and suspicious traffic. As such, it’s critically important that OEMs offer secure retail devices to help the retail industry better fend off the cybercrime community.
OEMs are in the best position to understand how to protect the devices they have designed and, consequently, should ensure the devices they ship are fully protected on day one.