POS Malware: Your Business Might Be at Risk



If you are a business owner who uses a POS system for receiving payments, you should be cautious about the dangers of point-of-sale malware and the various threats associated with it.

This malware is not very popular, but it is currently on the rise, and if your system isn't protected, your business can be at risk.

Threat actors built this malware specifically to attack POS systems and steal sensitive information such as PINs, credit card numbers, and other personal data. The malware can be installed on any device that interacts with the POS system, including handheld devices, computers, and payment terminals.

What is POS malware?

POS malware is software specifically created to steal customers' personal data via point-of-sale (POS) devices. The malware steals payment card information, including credit and debit card numbers, CVV codes, and expiration dates.

All of this information is stolen while the payment transaction is being processed on the POS machine. The stolen data can be exploited for fraudulent purchases and identity theft.

POS malware is distributed via compromised networks and USB devices connected to the POS systems. It can also be spread through e-mail or other internet-based means.

How does the POS malware work?

POS malware operates by attacking vulnerabilities in the POS system and the software associated with it. The malware achieves this by abusing weaknesses in the system, such as poor security measures and weak passwords.

POS malware takes the following steps to attack your business:

  • Getting access to your system

In the initial stage, the threat actor gains access to the victim system through an infected network or USB device. The access is achieved through methods like unsecured WiFi networks, phishing, or weak/predictable passwords.

  • Installing the Malware

After the threat actor gains access to the victim system, they deploy the POS malware onto the targeted device (the POS system). This can be a manual or a remote process.

  • Threat actor starts collecting data

After the POS malware is installed, it hides in the system and starts collecting data from customers' payment cards. The theft happens while the card details are held in the system's RAM, which is the only time the data is unencrypted.

  • Harvesting the collected data

In the final stage, the threat actor harvests the collected card information for identity theft or fraudulent purchases. In some instances, they exfiltrate this data to a remote server, where it is either sold or used for other criminal activities.

How to protect your business from POS malware?

  1. Create and implement robust security policies to protect yourself from threat actors.
  2. Use two-factor authentication (2FA), which adds an extra verification step.
  3. Check and verify network and device security.
  4. Look out for suspicious activities.
  5. Inform and educate employees, and provide them with proper POS training.
  6. Use security software such as antivirus to protect your business from external threats.
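One concrete way to look out for suspicious activity is to search files on a POS host for staged card data, since the collection stage described above leaves card numbers somewhere before they are harvested. The following is an added example, not code from the original post: a small cardholder-data discovery scan that finds Track 2 records and Luhn-valid card numbers in text and reports them masked. The function names and the sample text are assumptions made for illustration.

```python
import re

# Candidate PANs: 13-19 digits, optionally separated by single spaces or dashes.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")
# Track 2 layout: ';' PAN '=' YYMM, further digits, then '?' as end sentinel.
TRACK2_RE = re.compile(r";(\d{13,19})=(\d{4})\d*\?")


def luhn_ok(digits: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep first six and last four digits so a finding never re-exposes the PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_card_data(text: str) -> list[tuple[str, str]]:
    """Return (kind, masked PAN) for each Luhn-valid card number found in text."""
    findings, seen_in_track = [], set()
    for m in TRACK2_RE.finditer(text):
        if luhn_ok(m.group(1)):
            seen_in_track.add(m.group(1))
            findings.append(("track2", mask(m.group(1))))
    for m in PAN_RE.finditer(text):
        pan = re.sub(r"[ -]", "", m.group(0))
        if pan not in seen_in_track and luhn_ok(pan):
            findings.append(("pan", mask(pan)))
    return findings


# Constructed sample of a file found on a POS host. The two card numbers are
# widely published test numbers; the other digit runs fail the Luhn check.
SAMPLE = """\
2024-01-05 10:02:11 txn=000123456789012 status=OK
;4111111111111111=30121011234?
order ref 1234-5678-9012-3456 card 4012 8888 8888 1881
"""

if __name__ == "__main__":
    for kind, masked in find_card_data(SAMPLE):
        print(kind, masked)
```

The Luhn check is what keeps transaction IDs and order references from being reported, and a Track 2 hit is the stronger signal because full track data should never be written to disk.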








Security Flaw in Oracle POS systems discovered

Researchers at ERPScan have discovered a new security flaw in the Oracle Micros Point-of-Sale (POS) systems that has left over 300,000 systems vulnerable to attack from hackers.

It was discovered in September 2017 by Dmitry Chastuhin, a security researcher, and was named “CVE-2018-2636”.

Oracle already issued updates for this issue earlier in the month, but because companies fear unstable patches and losses, it is suspected that it may take months for the patch to reach affected systems.

According to Chastuhin, the flaw enables hackers to collect configuration files from the systems and gain access to the server.

Hackers can also exploit the flaw remotely using carefully crafted HTTP requests. Many of the vulnerable systems have already been misconfigured to allow such access and are reachable online, where they can easily be exploited if the patches aren’t applied soon.

Patches for the flaw were made available in January 2018 in Oracle’s Critical Patch Update (CPU).