"While Figure 1 shows occasional spikes with a regular ebb and flow of network activity for several POS malware families, Proofpoint researchers observed 3-4x increases in data exfiltration traffic related to ZeusPOS and NewPOSthings variants over the Thanksgiving weekend.

"The 'personalized actor' or TA530 frequently engages in small to medium-sized campaigns that involve personalized emails and lures to increase their effectiveness. We observed campaigns from this actor targeting big-box retailers and grocery chains in July and October. The attacks involved thousands of messages dropping AbaddonPOS via TinyLoader. The attacker uses a personalized 'client feedback' email with the recipient's name in the subject, attachment name, and email body that references a specific store location.... This creates a socially engineered, legitimate-looking lure that entices users to open an attached Word document and enable macros. Enabling macros installs TinyLoader, which in turn installs AbaddonPOS."

These and other campaigns indicate that bad actors are increasingly using personalization, social engineering techniques, and diverse means of distribution to deliver POS malware to organizations. Companies working towards PCI compliance must therefore make an effort to protect customers against that growing threat. They can do so by investing in a solution that's capable of detecting POS threats in real time.