PoS malware detection volume grew 66% in Q3; SMBs most targeted

SMBs proved lucrative and easy point-of-sale (PoS) malware attack targets this quarter, reported Trend Micro. According to the Trend Labs report, SMB’s attacked the most with PoS malware by 45 percent.

Malware attacks in Point-of-Sale has been there for a while but most interesting is that cybercriminals have shifted from using targeted-attacking format to traditional mass-infection tools like spam, botnets, and exploit kits.

“Attackers went after as many vulnerable PoS devices as possible in hopes of hitting the jackpot. They relied on tried-and-tested tactics like spamming as well as tools like macro malware, exploit kits, and botnets. They must have done something right because the PoS malware detection volume grew 66 percent. SMBs, which had poorer protections in place compared with large enterprises, suffered most,” according to TrendLabs. “This could be due to the extensive customer databases they keep with minimal to non existent security. We’ll likely see more of such attacks in the future.”

The slow adoption of next-generation payment technologies like the Europay, MasterCard, and Visa (EMV) and contactless Radio-Frequency-Identification (RFID)-enabled credit cards, mobile wallets (Apple Pay and Android Pay), and new payment-processing architectures could also adversely affect the security landscape, the report said.

A PoS random access memory (RAM) scraper made its way into devices aided by the Angler Exploit Kit,which is known for using malvertisements and compromised sites as infection vector.

Kasidet or Neutrino malware began sporting PoS-RAM-scraping capabilities this quarter. Kasidet, a commercially available builder, is known for its use in DDoS attacks, hits into PoS systems via malware-laced spam. As a result, its latest iteration accounted for 12 percent of this quarter’s total PoS malware detection volume.

This July, a new GamaPOS variant spread mayhem with the help of the Andromeda botnet and the“dynamite or blast fishing” approach. Blast fishing is the practice of using explosives to stun or kill schoolsof fish for easy collection. Attackers spammed practically every address they could get their hands on inhopes that the malware would make their way to PoS systems. Their emails came with macro malwareattachments or links pointing to compromised websites.