Sophisticated malware could be lurking at the checkout waiting to harvest credit card details as US shoppers rush to the stores this week in the annual post-Thanksgiving shop-a-thon.
iSight Partners, a threat intelligence company, has discovered a new kind of point-of-sale malware, short for malicious software, that it says is cleverly designed to be difficult to spot and to collect financial details in several different ways.
Maria Noboa, senior technical analyst at iSight Partners, said that in years of studying malware designed to attack cash registers it was the “most sophisticated point of sale malware ever seen to date”.
iSight discovered that the malware, which it has dubbed ModPos, had been used in breaches at US retailers in 2013 and 2014, during a wave of attacks that broke records for the amount of customer data lost, including a large-scale attack on Target over Thanksgiving in 2013. It was not the exact malware used in that attack or in any of the other publicised breaches.
iSight has not seen the malware used so far this year, but has described it as like a Swiss army knife because it has so many functions and so is particularly hard to reverse engineer.
Ms Noboa said: “There is new point of sale malware every week which takes our engineers 20 to 30 minutes to reverse the code. With this it took them about three weeks to determine it was indeed malicious and then several more weeks, two of them working at the same time, to figure out what each module consists of.”
Wendy Nather, research director at the Retail Cyber Intelligence Sharing Center in the US, said retailers are looking to see if they still have the malware on their systems — but that they will not necessarily talk openly about a successful breach before they are in a position to tell customers exactly what happened.
She warned that the hackers, who iSight believes may come from eastern Europe, could jump from the point of sale system to other parts of the network, compromising even more data.
But Ms Nather said this is a difficult week for retailers to address the problem, as they often have a “change freeze” in place to ensure the networks are not destabilised during the key period for their bottom line.
“It will be difficult for retailers to deal with this at the same time as having smooth operations for Black Friday and Cyber Monday,” she said. “They will have to deal with it more surgically, they can’t just do a clean sweep and take anything down.”
Date: November 24, 2015