Why Point-of-Sale Malware Isn’t Going Away – And What You Can Do About It

Many shoppers are now doing as much dipping of their credit and debit cards as they are swiping them.

This is thanks to the ongoing rollout of EMV, a global technical standard to which U.S. retailers began migrating about a year ago when liability for credit card fraud shifted from card issuers to the merchants themselves, unless their payment terminals are chip-enabled.

Unlike traditional cards, where the data is encoded exclusively on the magnetic stripe, EMV also stores the sensitive data on an embedded microprocessor chip, which generates a unique transaction code for each purchase to perform authentication, verification and authorization. Instead of swiping their credit and debit cards, shoppers dip - or insert - them into a terminal slot and await processing.

On the surface, this migration discourages purveyors of point-of-sale (POS) malware (as well as skimming software) from targeting chip-enabled terminals because it makes it harder for them to profit from what they steal. POS malware is designed to scrape and record credit card numbers and other data embedded on the magnetic stripe of cards - all information that can be used to create counterfeit cards. But it can't steal the chip.

So does that mean POS malware is retreating? Not yet. As the SpiderLabs team at Trustwave recently showed with its dissection of Carbanak - and considering the many other malware families that are still prominent - cybercriminals still think of POS malware as a viable and highly effective method to steal data that can be easily and quickly monetized. 

>> Download this free white paper on combating point-of-sale malware

Why is that the case? For starters, deployment of EMV (which is sometimes called chip-and-PIN or chip-and-signature) in the United States is proving lengthy, especially for small and midsize retailers, so criminals still have ample time to create cloned cards and cash in at certain brick-and-mortar locations. EMV also isn't universal - nor may it ever be - so there will remain opportunities in other regions of the world as well, at least for the foreseeable future.

In addition, fraud will continue to migrate online, where purchases can be made without the need of a physical card. The U.K. saw online, or card-not-present, fraud soar dramatically after the introduction of EMV because no chip is required during purchase. And experts said a similar fate awaits the United States, where online fraud is predicted to more than double between 2015 and 2018.

Bottom line, merchants must continue to protect themselves against point-of-sale attacks, and EMV isn't going to entirely eradicate the threat. In addition to migrating to EMV-compatible terminals, follow these six recommendations to help you outsmart the burglars.

 

1) Test Your Terminals

You must evaluate POS systems for tampering and for remotely exploitable weaknesses - such as weak passwords, poor network segmentation and out-of-date operating systems - that can be leveraged for malware infiltration. One way to do this is through deep-dive penetration tests. If you don't have the skills to do this in-house, you can partner with a third-party expert.

2) Disable Remote Access and Employ Strong Passwords

A common way attackers hijack POS systems is with remote scanning and access tools, followed by the exploitation of easy-to-crack passwords. To combat this, you should limit or ban remote access, as well as strengthen passwords. Ideally use passphrases, since they are lengthier but often easier to remember (e.g., MyD0gLikesPizza). Consider also deploying two-factor authentication to add an extra layer of security in case passwords are compromised.

3) Vet Your POS Providers

To get the most bang for their buck, intruders will often seek to compromise POS manufacturers or integrators to infect as many merchant locations as possible in a short period of time. You must continuously assess vendor risk and ensure these third-party providers have adopted and maintained the same security best practices as you have. This includes educating employees not to click on malicious links or attachments.

 

4) Rely on Preventive Technologies

Solutions such as web security gateways, data loss prevention, firewalls, intrusion prevention systems and endpoint protection can help identify attacks and close off ingress and egress points that can be misused. These technologies allow you to identify malware in real time, scan outgoing web traffic, block attacks, restrict access and ensure that only explicitly permitted ports and services are communicating with your network.

5) Monitor for Abnormalities

Monitoring for and reviewing strange logins, file changes and network traffic can help you flag malware early. Again, if you don't have the staff and skillsets necessary to observe your firewall and router logs, you can work with a security partner.
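The following is an added example, not code from the original post or from Trustwave, showing what the monitoring described in recommendation 5 and the "only explicitly permitted ports and services" rule from recommendation 4 look like when applied to log data. It runs a small set of detections over constructed sample log lines in an assumed `timestamp host event key=value` format: repeated failed logins followed by a success, logins from outside an assumed internal network or outside business hours, new executables created under an assumed POS directory, and outbound connections to anything other than an assumed payment gateway. The policy values, hostnames and IP addresses are all hypothetical.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Constructed sample log lines (not from the original post). Assumed format:
# "<ISO timestamp> <host> <event> key=value key=value ..."
SAMPLE_LOGS = """\
2016-10-03T02:14:05 pos-01 login user=admin src=203.0.113.45 result=fail
2016-10-03T02:14:09 pos-01 login user=admin src=203.0.113.45 result=fail
2016-10-03T02:14:13 pos-01 login user=admin src=203.0.113.45 result=fail
2016-10-03T02:14:17 pos-01 login user=admin src=203.0.113.45 result=fail
2016-10-03T02:14:21 pos-01 login user=admin src=203.0.113.45 result=fail
2016-10-03T02:14:25 pos-01 login user=admin src=203.0.113.45 result=success
2016-10-03T02:16:40 pos-01 filechange path=C:\\POS\\svchost.exe action=create
2016-10-03T02:17:02 pos-01 netconn dst=198.51.100.7 port=4444 proto=tcp
2016-10-03T09:05:11 pos-02 login user=cashier src=10.0.5.21 result=success
2016-10-03T09:06:00 pos-02 netconn dst=10.0.1.10 port=443 proto=tcp
2016-10-03T09:07:30 pos-02 filechange path=C:\\POS\\logs\\sales.log action=modify
"""

# Hypothetical site policy: what "normal" looks like for these terminals.
POLICY = {
    "internal_net": ipaddress.ip_network("10.0.0.0/8"),  # where admins log in from
    "allowed_egress": {("10.0.1.10", 443)},              # hypothetical payment gateway
    "protected_dir": "C:\\POS\\",                         # POS install directory
    "exe_suffixes": (".exe", ".dll", ".ps1", ".bat"),
    "failed_login_threshold": 5,
    "business_hours": (7, 22),                            # 07:00 to 22:00 local
}

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<host>\S+) (?P<event>\S+) (?P<fields>.*)$")


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group("fields").split())
    return {"ts": datetime.fromisoformat(m.group("ts")),
            "host": m.group("host"), "event": m.group("event"), **fields}


def analyse(log_text, policy=POLICY):
    """Return a de-duplicated, ordered list of (alert_type, host, detail) tuples."""
    alerts, seen = [], set()
    failures = Counter()  # (host, user, src) -> consecutive failed logins

    def add(alert):
        if alert not in seen:
            seen.add(alert)
            alerts.append(alert)

    for raw in log_text.splitlines():
        ev = parse_line(raw)
        if ev is None:
            continue
        if ev["event"] == "login":
            key = (ev["host"], ev["user"], ev["src"])
            if ipaddress.ip_address(ev["src"]) not in policy["internal_net"]:
                add(("external_login", ev["host"], ev["src"]))
            if ev["result"] == "fail":
                failures[key] += 1
            else:
                # A success right after a burst of failures looks like password guessing.
                if failures[key] >= policy["failed_login_threshold"]:
                    add(("success_after_failures", ev["host"], ev["user"]))
                failures[key] = 0
                start, end = policy["business_hours"]
                if not start <= ev["ts"].hour < end:
                    add(("off_hours_login", ev["host"], ev["user"]))
        elif ev["event"] == "filechange":
            path = ev["path"]
            if (ev["action"] == "create" and path.startswith(policy["protected_dir"])
                    and path.lower().endswith(policy["exe_suffixes"])):
                add(("new_executable", ev["host"], path))
        elif ev["event"] == "netconn":
            if (ev["dst"], int(ev["port"])) not in policy["allowed_egress"]:
                add(("unpermitted_egress", ev["host"], f"{ev['dst']}:{ev['port']}"))
    return alerts


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOGS):
        print(alert)
```

Each rule is deliberately simple, because the value is in the combination: a single off-hours login or a single new file is noise, but an external login that succeeds after five failures, followed minutes later by a new executable in the POS directory and a connection to an unlisted port, is the sequence a reviewer should be paged for. In production the policy would come from the firewall allow-list and asset inventory rather than being hard-coded.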

 

6) Protect the Data Itself

Attackers won't have any credit card data to steal if you can instantly make the information unreadable upon collection. Technologies like end-to-end encryption and tokenization make it difficult for attackers to use memory scrapers - a popular type of POS malware - to steal data being processed inside payment terminals and sent over the network.
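As an added illustration of recommendation 6 (not code from the original post or from Trustwave), the block below shows the tokenization half of the idea: the card number is exchanged for a random token at capture, the token is what the POS application holds and transmits, and the only place the real number exists is a vault outside the terminal. End-to-end encryption, the other technology named above, plays the same role by encrypting in the reader hardware before the application sees the data; it is not shown here because it depends on the terminal vendor's hardware. The `TokenVault` class, its token format and the well-known `4111...` test card number are assumptions for the example; the final function is a DLP-style check that no card-number-shaped, Luhn-valid digit run remains in whatever the application keeps in memory or writes to the network.

```python
import re
import secrets
import string

# Digit runs of 13 to 19 characters (with optional separators) are what a
# data-loss-prevention scan looks for; combined with a Luhn check it is a
# reasonable test for "does this buffer still contain a card number?".
PAN_RE = re.compile(r"\b(?:\d[ -]?){12,18}\d\b")


def luhn_ok(pan):
    """Standard Luhn mod-10 check over the digits of a card number."""
    digits = [int(c) for c in pan if c.isdigit()]
    total = 0
    for i, d in enumerate(reversed(digits)):
        if i % 2 == 1:          # every second digit from the right is doubled
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return len(digits) >= 13 and total % 10 == 0


class TokenVault:
    """Hypothetical vault that lives outside the POS environment.

    The POS only ever sees the token; the vault holds the token-to-PAN map.
    Tokens are random letters plus the last four digits (kept for receipts),
    so nothing about the rest of the card number can be derived from them.
    """

    def __init__(self):
        self._by_token = {}

    def tokenize(self, pan):
        pan = re.sub(r"\D", "", pan)
        if not luhn_ok(pan):
            raise ValueError("not a valid card number")
        while True:
            body = "".join(secrets.choice(string.ascii_uppercase) for _ in range(16))
            token = f"tok_{body}_{pan[-4:]}"
            if token not in self._by_token:
                break
        self._by_token[token] = pan
        return token

    def detokenize(self, token):
        """Only the payment processor side, never the POS, should call this."""
        return self._by_token[token]


def pos_transaction_record(token, amount_cents):
    """What the POS application keeps and sends after capture: token, not PAN."""
    return f"txn token={token} amount={amount_cents}"


def contains_pan(buffer):
    """DLP-style check: True if the buffer holds a Luhn-valid, PAN-shaped number."""
    return any(luhn_ok(m.group()) for m in PAN_RE.finditer(buffer))


if __name__ == "__main__":
    vault = TokenVault()
    raw_capture = "card=4111111111111111"          # constructed test card number
    token = vault.tokenize("4111 1111 1111 1111")
    record = pos_transaction_record(token, 1999)
    print("raw capture leaks a PAN:", contains_pan(raw_capture))   # True
    print("tokenized record leaks a PAN:", contains_pan(record))   # False
    print("vault can recover it:", vault.detokenize(token))
```

The point for a memory scraper is the second print: the scraper searches process memory for exactly the pattern `contains_pan` tests, so if tokenization (or hardware encryption) happens before the application sees the data, a compromised POS yields tokens that are worthless outside the vault. The same `contains_pan` check is useful in the other direction, as a periodic scan of POS log files and outbound traffic to confirm the design is actually holding.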

 

Dan Kaplan is manager of online content at Trustwave and a former IT security reporter and editor.
