With so much of retailers' profitability tied up in the holiday season, now would be the worst time for malware to infect point-of-sale (POS) systems. Yet that's precisely what's happening.
Criminals are targeting point-of-sale systems with malware, looking to grab credit card information at the point of collection, writes security vendor Seculert in a blog post Tuesday. "Instead of going through the trouble of infecting tens of thousands of consumer PCs or physically installing a skimmer, an attacker can achieve the same results by targeting just a few POS systems with specially crafted malware. Dexter is one example of such malware."
The custom-made malware has been used over the past two to three months to infect hundreds of POS systems in 40 countries -- 42 percent in the US and 19 percent in the UK. Infected companies include big-name retailers, hotels, restaurants, and private parking providers, according to Seculert.
The name "Dexter" comes from a string found in one of the related files.
Seculert researchers found a sample of the Dexter malware while investigating other threats, according to Computerworld. After analyzing the malware, the researchers accessed a command and control server hosted in the Republic of Seychelles, where the malware uploaded stolen payment card data.
Seculert is uncertain how the systems are targeted. But more than 30 percent of infected systems are Windows servers. That means it's unlikely the systems are used for web browsing, a typical infection channel in which users visit infected sites. Most likely, the attackers compromised other computers on the same network and then infected the POS systems, according to Computerworld.
Dexter isn't the first malware targeting POS. Two weeks ago, Romanian authorities arrested 16 suspected members of a crime ring that installed malware on POS systems belonging to foreign companies operating gas stations and grocery stores, resulting in more than $25 million in fraudulent transactions performed with 500,000 payment cards, writes Computerworld.
Infecting a POS system with malware is a more direct attack than the usual method, where crooks rig the systems with hardware sniffers that steal card information onsite, according to Dark Reading.
Barnes & Noble was recently the victim of such an attack, with rogue PIN pad devices discovered in September at more than 60 stores nationwide, apparently the work of fraudsters who rigged just one device at each store. "Security experts speculated that the crime involved physical tampering with the devices," according to Dark Reading.
Installing malware "is actually simpler and less risky than affixing a skimmer to the PIN pad devices," Seculert CTO Aviv Raff told Dark Reading. "The problem with a skimmer is you have to go there physically to install it."
Dexter and other attacks on POS systems are sending a clear message to IT security managers: Secure your POS systems, or you'll get a lump of coal for the holidays.
-- Mitch Wagner, Editor in Chief, Internet Evolution