
SMBs worst hit by PoS malware attacks in Q3, 2015

SMBs accounted for 45% of PoS malware detections in Q3, according to a TrendLabs report.

Soma Tah

NEW DELHI, INDIA: PoS malware detection volume grew 66% from Q1 to Q3, according to a TrendLabs report. SMBs proved easy targets for point-of-sale (PoS) malware attacks this quarter. They accounted for 45% of PoS malware detections in Q3, followed by consumers with 27% and enterprises with 19%.


Attackers went after as many vulnerable PoS devices as possible in hopes of hitting the jackpot. They relied on tried-and-tested tactics like spamming as well as tools like macro malware, exploit kits, and botnets.

A PoS random access memory (RAM) scraper made its way into devices aided by the Angler Exploit Kit, which is known for using malvertisements and compromised sites as infection vectors.

Kasidet, also known as Neutrino, began sporting PoS RAM-scraping capabilities this quarter. Kasidet, a commercially available builder known for its use in DDoS attacks, reached PoS systems via malware-laced spam. As a result, its latest iteration accounted for 12% of this quarter’s total PoS malware detection volume.


This July, a new GamaPOS variant spread mayhem with the help of the Andromeda botnet and the “dynamite or blast fishing” approach. Blast fishing is the practice of using explosives to stun or kill schools of fish for easy collection.

Attackers spammed practically every address they could get their hands on in hopes that the malware would make its way to PoS systems. Their emails came with macro malware attachments or links pointing to compromised websites.

SMBs, which had poorer protections in place compared with large enterprises, suffered most. This could be due to the extensive customer databases they keep with minimal to nonexistent security.

The slow adoption of next-generation payment technologies like Europay, MasterCard, and Visa (EMV) and contactless radio-frequency identification (RFID)-enabled credit cards, mobile wallets (Apple Pay and Android Pay), and new payment-processing architectures could also adversely affect the security landscape.
