Researchers warn of an increase in Point of Sale (PoS) malware attacks utilizing several strains of malware, including Project Hook and several variants of Dexter.

PoS malware is designed to work right at the check stand, stealing user’s credit and debit card information and transaction data.

“In early November 2013, ASERT researchers discovered two servers hosting Dexter and other POS malware to include Project Hook,” the researchers said.

“The exact method of compromise is not currently known, however PoS systems suffer from the same security challenges that any other Windows-based deployment does. Network and host-based vulnerabilities (such as default or weak credentials accessible over Remote Desktop and open wireless networks that include a PoS machine), misuse, social engineering and physical access are likely candidates for infection.”

According to the researchers, the Dexter variants detected include:

  • Stardust (looks to be an older version, perhaps version 1)
  • Millenium (note spelling)
  • Revelation (two observed malware samples; has the capability to use FTP to exfiltrate data)

“Smaller businesses are likely an easier target due to reduced security. While the attackers may receive less card data from smaller retailers, infections may be more numerous and last longer due to the lack of security reporting and security staff in such environments.”

The researchers have produced a reference document that includes a list of  compromise indicators and details about the PoS malware operation’s infrastructure, and can be downloaded here (PDF):  Dexter and Project Hook Break the Bank.

Read More Here…

Categories:

Tags: , , , , , , , , , , ,


Leave a Reply

Anthony M Freed

Anthony M Freed has contributed 476 posts to The State of Security.

View all posts by Anthony M Freed >