The Macrosite for News, Analysis and Opinion about the Future of the Internet
Mitch Wagner

'Dexter' Malware Bleeds Retail POS Systems

Written by Mitch Wagner
12/12/2012 14 comments
DISCUSS     Email This

With so much of retailers' profitability tied up in the holiday season, now would be the worst time for malware to infect point-of-sale (POS) systems. Yet that's precisely what's happening.

Criminals are targeting point-of-sale systems with malware, looking to grab credit card information at the point of collection, writes security vendor Seculert in a blog post Tuesday. "Instead of going through the trouble of infecting tens of thousands of consumer PCs or physically installing a skimmer, an attacker can achieve the same results by targeting just a few POS systems with specially crafted malware. Dexter is one example of such malware."

The custom-made malware has been used over the past two to three months to infect hundreds of POS system in 40 countries -- 42 percent in the US and 19 percent in the UK. Infected companies include big-name retailers, hotels, restaurants, and private parking providers, according to Seculert.

The name "Dexter" comes from a string found in one of the related files.

Seculert researchers found a sample of the Dexter malware while investigating other threats, according to Computerworld. After analyzing the malware, the researchers accessed a command and control server hosted in the Republic of Seychelles, where the malware uploaded stolen payment card data.

Seculert is uncertain how the systems are targeted. But more than 30 percent of infected systems are Windows servers. That means it's unlikely the systems are used for web browsing, which is a typical channel for infection, when users visit infected sites. Most likely, the attackers compromised other computers on the same network and then infected the POS systems, according to Computerworld.

Dexter isn't the first malware targeting POS. Two weeks ago, Romanian authorities arrested 16 suspected members of a crime ring that installed malware on POS systems belonging to foreign companies operating gas stations and grocery stores, resulting in more than $25 million in fraudulent transactions performed with 500,000 payment cards, writes Computerworld.

Infecting a POS system with malware is a more direct attack than the usual method, where crooks rig the systems with hardware sniffers that steal card information onsite, according to Dark Reading.

Barnes & Noble was recently victim of such an attack, with rogue PIN pad devices discovered in September at more than 60 stores nationwide, apparently the work of fraudsters who rigged just one device at each store. "Security experts speculated that the crime involved physical tampering with the devices," according to Dark Reading.

Installing malware "is actually simpler and less risky than affixing a skimmer to the PIN pad devices," Seculert CTO Aviv Raff told Dark Reading. "The problem with a skimmer is you have to go there physically to install it."

Dexter and other attacks on POS systems are sending a clear message for IT security managers: Secure your POS systems, or you'll get a lump of coal for the holidays.

Related posts:

— Mitch Wagner Circle me on Google+Follow me on TwitterVisit my LinkedIn pageSubscribe to my Facebook feed, Editor in Chief, Internet Evolution

Channel: Enterprise IT, Security
Tags: Retail
DISCUSS     Email This
Current display:       newest comments first       display in chronological order
Page 1 of 2   Next >
aum007
Thinkernetter
Monday December 31, 2012 6:16:52 AM
no ratings

Kim,

True.

This behaviour has been going on for ages and ages now(In Tech terms).

aum007
Thinkernetter
Monday December 31, 2012 6:14:14 AM
no ratings

Kurt,

Not so sure.

There are many different ways in which Hackers can attack POS systems today.

My personal belief is you want to store as little Personal Information outside the Perimeter as possible.

And even with that Data you want to get as much as possible back to Higher Ground(Where Data is defended better with more levels of protection);Quickly.

Oh yeah and you wanna patch as soon as a vulnerability arises in the wild(after sufficent tests) and not wait forever to patch which is typical of Vendors like Oracle,Adobe and Apple today.

Regards

Ashish.

Kurtkeys
IQ Crew
Thursday December 20, 2012 1:18:47 PM
no ratings

Like I stated earlier, the POS companies can set their perimeter defenses to prevent egress of this sort of information from leaving their networks, the hack would be successful but the payoff would be zero and the log of the denied data would include the ip address of the machine collecting the card info giving law enforcement a chance to disrupt the crooks. One such intrusion prevention device that does this is made by Tippingpoint, but Cisco and Bluecoat have similar functions, they just require more work to configure it to work that way

Kurtkeys
IQ Crew
Thursday December 20, 2012 1:11:23 PM
no ratings

not so. maybe partially. But in the case of a debit card the money comes from your bank account and not from the card company

Kurtkeys
IQ Crew
Thursday December 20, 2012 1:08:19 PM
no ratings

It truly is tragic. But it helps to remember, especially at Christmas time, there are evil people amongst us

mtechie
IQ Crew
Wednesday December 19, 2012 9:19:28 PM
no ratings
It's too bad the bad guys are set on taking other people's money. Technological innovation should be for the good not evil. Paying only with cash might be an option except in the event of fire or home invasion.
Kurtkeys
IQ Crew
Tuesday December 18, 2012 4:55:06 PM
no ratings

I'm sure you have. But this differs from those in a couple of very subtle but devious ways. This is not a hardware device placed on the machine to capture info. It is software  that is remotely installed and the user has no way to detect it's presence.

Kim Davis
Thinkernetter
Tuesday December 18, 2012 4:44:16 PM
no ratings

Haven't I read about similar skimmers being installed in ATM machines?

Kurtkeys
IQ Crew
Monday December 17, 2012 3:58:32 PM
no ratings

there's really no hope for credit card user in this instance. By the time the user finds out that the POS system was infected his credit information has already been stolen. Also there is some information coming out that Dexter is related to zeus and that little malware it's a known entity with volumes written about how to detect it. There are some configuration settings in certain intrusion prevention systems and firewall devices that could be set to prevent point-of-sale servers and devices from sending the payload up to the firewall. Just a little logic for those in need.

Respectfully,

Kurt

stotheco
IQ Crew
Sunday December 16, 2012 5:32:34 AM
no ratings

True. Security is an on-going, never-ending task because technology is always moving forward, changing, and evolving. Hackers and other malicious users will always try to find a loophole or write virus and malware to hack the system. IT people cannot afford to take a break when their enemies are as numerous and active as these.

Page 1 of 2   Next >
The ThinkerNet does not reflect the views of TechWeb. The ThinkerNet is an informal means of communication to members and visitors of the Internet Evolution site. Individual authors are chosen by Internet Evolution to blog. Neither Internet Evolution nor TechWeb assume responsibility for comments, claims, or opinions made by authors and ThinkerNet bloggers. They are no substitute for your own research and should not be relied upon for trading or any other purpose.
previous posts from Security Clan Editor's Blog
Kim Davis
Kim Davis   5/21/2013   13 comments
Extending existing US wiretap laws to give federal agencies easier backdoor access to Internet communications -- especially real-time P2P services like VoIP -- will give, not only aid and comfort, but also technical assistance, to the country's enemies. Not to mention cyberthieves.
Kim Davis
Kim Davis   5/15/2013   11 comments
When David E. Sanger of The New York Times broke the news that the United States was responsible for the Stuxnet malware exploit against Iran's nuclear program, Senator John McCain accused the administration of deliberately leaking the story to enhance President Obama's national security record.
Kim Davis
Kim Davis   5/8/2013   14 comments
The Gamma Group's business of supplying surveillance technology exclusively for use by government agencies may be legitimate. But not when it poses as the popular, free, open-source web browser Firefox.
Kim Davis
Kim Davis   5/1/2013   41 comments
If you were concerned about Twitter handing over your private data to the government, think again.
Kim Davis
Kim Davis   4/24/2013   18 comments
Yesterday's hack of the official Associated Press Twitter feed demonstrated the enormous risk attached to the platform's lazy, single factor approach to security.
5
of
Kim Davis
Big-Data Can’t Always Sell Wine
5|21|13   |   2:23   |   3 comments

Whole Foods Global Wine Purchaser Doug Bell told me about some of the constraints on using analytics in the US wine market.
Wisdom of the Big Chair
Integrating Security Into Your Cloud Contract
3|19|13   |   3:35   |   No comments

Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Brian Baron
How Edmunds.com Collects Customer Information
3|18|13   |   1:15   |   No comments

Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
Brian Baron
How Edmunds.com Uses Analytics to Customize Site
3|14|13   |   0:47   |   No comments

The automotive website uses propensity modeling to target ads and customer registration forms, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
Brian Baron
How Edmunds.com Drives Conversions With Analytics
3|1|13   |   1:20   |   No comments

The automotive website uses propensity modeling of customer behavior to convert more site visitors into leads, says Brian Baron, director of business analytics, in an interview at the Predictive Analytics Innovation Summit.
Second Shooter
Terrorists Attack Our Refrigerators!
2|28|13   |   2:22   |   No comments

50 billion household devices will be on the Internet by 2020, according to Cisco. And we're hearing foreign governments are hacking our infrastructure. Surely our refrigerators are next!
Mitch Wagner
Brands Make the Most of Limited Online Resources
2|27|13   |   2:46   |   3 comments

Marketers at companies such as Whole Foods are putting colleagues in other departments to work on social media to make up for their own scant budgets.
Alison Diana
Striking a Balance for Website Upgrades
1|24|13   |   1:59   |   3 comments

Companies need to take advantage of new technologies to simplify interfaces, improve capabilities, and enhance back-office processes. But they can't upgrade their Websites too often.
Wisdom of the Big Chair
IT Losing the Security Battle
1|7|13   |   3:15   |   No comments

ITRC found that more than 600 security breaches took place in 2012. Flaws were found in some of the nation's most respected companies: Apple, Citibank, and Wells Fargo. So, it seems the bad guys are doing better than the men in the white hats.
Mary E. Shacklett
Financial Services Policies Lag Tech Advances
12|4|12   |   2:18   |   6 comments

Regulations haven't kept up with advances in mobile devices and credit cards.
IETV: the thinkerNet on film
5
of
Kim Davis
Big-Data Can’t Always Sell Wine
5|21|13   |   2:23   |   3 comments

Whole Foods Global Wine Purchaser Doug Bell told me about some of the constraints on using analytics in the US wine market.
Paul J. Fleuranges
Digital Signage Keeps NYC Subway Straphangers on Track
5|6|13   |   3:51   |   No comments

New York's Metropolitan Transit Authority is conducting a pilot test of digital kiosks to guide subway users to where they want to go more efficiently and at lower cost.
Kim Davis
Fast Forward to the Future
4|23|13   |   2:29   |   20 comments

A look back at tech writing in the 90s makes us wonder where enterprise IT will be 20 years from now.
Mitch Wagner
Google Launches Its Most Depressing Service Yet
4|15|13   |   2:59   |   10 comments

Google's new Inactive Account Manager lets you control how Google disposes of your accounts when you die.
Second Shooter
Argument Over Top-Level Domains Is 'Stupid'
4|11|13   |   2:07   |   3 comments

The whole Amazon.reader debate is a double-stupid. It's stupid to think that there's any e-book buyer who doesn't know Amazon's URL, and it was stupider to let ICANN launch the whole free-form TLD initiative to start with.
Kim Davis
Ladies, Your Tablet Awaits
3|21|13   |   2:22   |   37 comments

ePad Femme is the world’s first tablet “made exclusively for women.”
Wisdom of the Big Chair
NFC Moves Into the Mainstream
3|20|13   |   2:16   |   No comments

While NFC's original goal was to enhance mobile commerce applications, it is finding its way into a number of other uses, which is creating both opportunity as well as challenges for IT departments.
Wisdom of the Big Chair
Integrating Security Into Your Cloud Contract
3|19|13   |   3:35   |   No comments

Enterprises would like to move to cloud computing but are hesitant because they are concerned about providers’ ability to secure company data. Here are some tips that help to ensure that if breaches occur, the business is not left holding the bag.
Brian Baron
How Edmunds.com Collects Customer Information
3|18|13   |   1:15   |   No comments

Edmunds separates customers into segments based on the info it collects on its site and from partners, and uses that to push out custom content, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
Brian Baron
How Edmunds.com Uses Analytics to Customize Site
3|14|13   |   0:47   |   No comments

The automotive website uses propensity modeling to target ads and customer registration forms, said Brian Baron, director of business analytics for Edmunds.com, at Predictive Analytics Innovation Summit.
an IBM information resource
sponsored content
big blue blog
Todd Watson
an IBM information resource
sponsored content
Expert Integrated Systems: Changing the Experience & Economics of IT
In this e-book, we take an in-depth look at these expert integrated systems -- what they are, how they work, and how they have the potential to help CIOs achieve dramatic savings while restoring IT's role as business innovator.
READ THIS eBOOK
your weekly update of news, analysis, and
opinion from Internet Evolution - FREE!
REGISTER HERE
Wanted! Site Moderators
Internet Evolution is looking for a handful of readers to help moderate the message boards on our site – as well as engaging in high-IQ conversation with the industry mavens on our thinkerNet blogosphere. The job comes with various perks, bags of kudos, and GIANT bragging rights. Interested?

Please email: moderators@internetevolution.com
Internet Evolution – not for thickies
Keep Critical Data With a Knowledge Management System
Taimoor Zubair
Fortune 500 companies lose at least $31.5 billion a year by failing to share knowledge. A Knowledge Management System (KMS) can help companies significantly reduce these costs.
CLICK FOR MORE
M2M: Rise of the Machines? Not Yet
David Weldon
In the 1970 science fiction thriller Colossus: The Forbin Project, two giant supercomputers from the United States and Soviet Union secretly join forces to take control of the collective nuclear might of the two countries. In the film, the two machines discover each other's existence, communicate back-and-forth, share their collective data, and cut their human creators out of the process. It is the ultimate example of machine-to-machine communications, or M2M.
CLICK FOR MORE
M2M: Rise of the Machines? Not Yet
David Weldon
In the 1970 science fiction thriller Colossus: The Forbin Project, two giant supercomputers from the United States and Soviet Union secretly join forces to take control of the collective nuclear might of the two countries. In the film, the two machines discover each other's existence, communicate back-and-forth, share their collective data, and cut their human creators out of the process. It is the ultimate example of machine-to-machine communications, or M2M.
CLICK FOR MORE
M2M: Rise of the Machines? Not Yet
David Weldon
In the 1970 science fiction thriller Colossus: The Forbin Project, two giant supercomputers from the United States and Soviet Union secretly join forces to take control of the collective nuclear might of the two countries. In the film, the two machines discover each other's existence, communicate back-and-forth, share their collective data, and cut their human creators out of the process. It is the ultimate example of machine-to-machine communications, or M2M.
CLICK FOR MORE
Smartphone Influx Stresses IT Help Desks
Paul Korzeniowski
The smartphone market reached a significant milestone, a breakthrough that may cause vendors to celebrate but could strain the capabilities of IT service desks.
CLICK FOR MORE
M2M: Rise of the Machines? Not Yet
David Weldon
In the 1970 science fiction thriller Colossus: The Forbin Project, two giant supercomputers from the United States and Soviet Union secretly join forces to take control of the collective nuclear might of the two countries. In the film, the two machines discover each other's existence, communicate back-and-forth, share their collective data, and cut their human creators out of the process. It is the ultimate example of machine-to-machine communications, or M2M.
CLICK FOR MORE
Yahoo Needs to Break Tumblr in Order to Fix It
Joe Stanganelli
As Mitch Wagner discussed today, Yahoo is acquiring Tumblr. The big Internet debate at the moment is whether Tumblr will be good or bad for Yahoo. Regardless of their stances on the future of Yahoo itself, many claim that Yahoo will somehow ruin Tumblr.
CLICK FOR MORE