Point-of-sale (PoS) malware attacks are affecting more and more small and medium-sized businesses (SMBs), and experts expect the trend to continue well into next year.
According to a report by security firm Trend Micro, SMBs were heavily affected in the third quarter of 2015, as cybercriminals went after as many vulnerable PoS devices as possible in hopes of hitting one or two truly desired targets.
“[Attackers] relied on tried-and-tested tactics like spamming, as well as tools like macro malware, exploit kits and botnets,” read the report. “They must have done something right because the PoS malware detection volume grew 66%.”
The significant spike in these attacks was first seen in July, when an Andromeda botnet-powered spam campaign was found delivering a new GamaPOS variant.
Cybercriminals then used the sophisticated Angler exploit kit to search for and infect vulnerable PoS systems.
Leveraging malvertisements and compromised sites, the threat managed to affect a number of organizations spread across 13 U.S. states.
Furthermore, in September, variants of the Kasidet or Neutrino malware resurged with PoS RAM scraping capabilities, with their detections comprising 12 percent of the total number of PoS malware detections in Q3.
“PoS malware targeting SMBs is nothing new,” said Numaan Huq, senior threat researcher at Trend Micro.
“What’s new is that cybercriminals have shifted from using targeted-attack-style to traditional mass-infection tools like spam, botnets and exploit kits.”
Huq adds that although “casting a wider net” can result in the malware being more quickly detected and neutralized, cybercriminals take the risk because it’s almost certain they will uncover new victims.
The report also notes that attackers’ choice to use age-old tactics this quarter may have been a last-ditch effort to gain more victims before U.S. merchants transitioned to EMV (chip-and-PIN) credit cards.