Legendary bank robber Willie Sutton famously explained that he robbed banks “because that’s where the money is.”
Cybercriminals have taken a page straight out of Sutton’s book: they target point-of-sale (POS) systems, whether physical terminals or online checkouts, to expand their malware operations.
For today’s online fraudsters, the POS is where the money is.
One such malware family, dubbed FastPOS, has been infecting POS machines for long enough that researchers can track its version history.
According to Softpedia, the malware underwent a major revision in September. The update shows a growing sophistication in how FastPOS operates.
Earlier versions ran as a single process. The malware has since evolved into a modular design in which each module runs independently. A module may show up as its own process when active, but it can also hide inside other programs. Instead of writing all of the functionality to a single file, the different components can be stored in the malware’s resources.
Trend Micro also recently issued an updated advisory about FastPOS. It reported that the malware uses mailslots, a Windows mechanism for storing and retrieving messages, to pass data between the programs it runs. Mailslots are temporary, so attackers can save information to them without leaving the traces that a physical file would.
POS systems should enforce stricter application control, allowing only whitelisted applications to execute, to keep this type of malware from getting in.
Moving from physical POS to e-commerce is no deterrent to malware attacks either; the malware just doesn’t show up in the same way.
Attackers may get into the website through vulnerabilities in its Content Management System (CMS) and alter the site’s code through a JavaScript file. Magecart is a good example.
Once active, the Magecart malware waits for the user to reach the checkout page, according to a Softpedia article. When that happens, a second keylogger function is activated to scrape user data. It can even add input fields to the site’s checkout form if the attackers want more personal or financial information.
Magecart’s authors took pains to change the domains from which the malicious code is downloaded, so monitoring just one address won’t help. Payment systems should require complex admin credentials to protect against this type of malware. The server and CMS software should also be kept up to date to prevent attackers from exploiting legacy vulnerabilities.
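A defender-side check for the Magecart behaviour just described, written as an added example (it is not code from this article or from any vendor it cites): it audits a checkout page for form fields and script origins outside an allowlist and re-runs whenever the DOM changes. The field names, origins, URLs and the stand-in document are assumptions.

```javascript
// Added example (not from the article): a client-side integrity audit for a checkout
// page, aimed at the Magecart behaviours described above: injected form fields and
// loader scripts pulled from rotating, unexpected domains. Field names, origins and
// the stand-in document below are assumptions.
const POLICY = {
  allowedFields: new Set(["card_number", "expiry", "cvv", "name", "email"]),
  allowedScriptOrigins: new Set(["https://shop.example", "https://pay.example"]),
  pageUrl: "https://shop.example/checkout", // base for resolving relative script src
};
// Audit one snapshot of the page; `doc` only needs querySelectorAll/getAttribute.
function auditCheckout(doc, policy) {
  const unexpectedFields = [];
  for (const el of doc.querySelectorAll("form input, form select, form textarea")) {
    const name = el.getAttribute("name") || "<unnamed>";
    if (!policy.allowedFields.has(name)) unexpectedFields.push(name);
  }
  const unexpectedScripts = [];
  for (const el of doc.querySelectorAll("script[src]")) {
    const src = el.getAttribute("src");
    let origin = "<invalid>";
    try { origin = new URL(src, policy.pageUrl).origin; } catch (e) { /* keep <invalid> */ }
    if (!policy.allowedScriptOrigins.has(origin)) unexpectedScripts.push(src);
  }
  const clean = unexpectedFields.length === 0 && unexpectedScripts.length === 0;
  return { clean, unexpectedFields, unexpectedScripts };
}
// In a browser, re-run the audit on every DOM change, since the skimmer injects
// its fields only once the shopper reaches checkout. Findings go to `report`.
function watchCheckout(doc, policy, report) {
  const check = () => { const r = auditCheckout(doc, policy); if (!r.clean) report(r); };
  check();
  if (typeof MutationObserver !== "undefined") {
    new MutationObserver(check).observe(doc.body || doc, { childList: true, subtree: true });
  }
}
// Constructed stand-in for `document` so the audit also runs under Node: the real
// fields plus one injected field, and one script from an unexpected domain.
const elem = (attrs) => ({ getAttribute: (k) => (k in attrs ? attrs[k] : null) });
const FAKE_DOC = {
  nodes: {
    "form input, form select, form textarea":
      ["card_number", "expiry", "cvv", "name", "email", "ssn"].map((n) => elem({ name: n })),
    "script[src]": [elem({ src: "/static/checkout.js" }),
                    elem({ src: "https://cdn.example-analytics.net/loader.js" })],
  },
  querySelectorAll(sel) { return this.nodes[sel] || []; },
};
console.log(JSON.stringify(auditCheckout(FAKE_DOC, POLICY)));
```

In production the allowlists would be generated from the deployed checkout template, and `report` would ship findings to a monitoring endpoint rather than the console.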
Malware developers and cyber crooks are getting smarter every day and are moving rapidly to more sophisticated techniques. IT professionals, companies and organizations must prepare themselves for newer and stealthier attacks. There will always be thieves who try to steal, and they will always be where the money is.