Learn the Anatomy of POS Malware Attacks
POS security is a necessity for all businesses that use a Point-of-Sale system. At Comodo, we know that POS systems can be attacked by viruses and spyware, which can cause severe difficulties for companies and want everyone to understand how these attacks work. There are multiple steps to these attacks, including:
- Gain access to the network
- Traverse the network to gain access to the POS system
- Install POS malware to steal data
- Send stolen data to an internal staging server
- Exfiltrate stolen data from your system to attacker
More about the Anatomy and Steps
The infiltration stage is first, where they gain access to your network. There are multiple ways that POS malware can be used to gain access. The attacker usually looks for a weakness in your external systems, such as an SQL injection or a periphery device that uses a default password. They can also attack by sending spear-phishing emails to someone inside the organization, which contains malicious code in the attachment or a link that installs malware on the computer.
Once they get into the network, they have to get access to your Point-of-Sale system. They can use different tools to figure out the network and locate the correct system. They can also exploit POS vulnerabilities or use other techniques, but usually the easiest way is to gain access to user credentials by:
- Password-hash extraction
- Replaying captured logins
- Brute force
Once they can gain access to administrative credentials, they’re in, giving them access to every computer on the network. They can then use data-stealing tools, such as RAM-scraping or memory-scraping malware to collect credit card data.
The primary concern with POS malware attacks is that they take time to work and gather the necessary data, so the code has to remain on the terminal for an extended period and must be persistent. Our product can prevent these programs from attaching to the system in the first place, so contact us today for more information.