Do not use Windows for POS
World's most complex cash register malware plunders millions in US
The world's most complex sales till malware has been discovered ... after it ripped millions of bank cards from US retailers on the eve of post-Thanksgiving shopping frenzies. The ModPOS malware has pilfered "multiple millions" of debit and credit cards from the unnamed but large retail companies incurring millions of dollars …
COMMENTS
-
Tuesday 24th November 2015 10:06 GMT Ru'
"The encryption used for network and command and control data exfiltration and communication is protected with 128 bit and 256 bit encryption, with the latter requiring a new private key for each customer."
Yet another reason encryption should be banned. These POS terminals should communicate in plain text obviously...
-
Tuesday 24th November 2015 14:01 GMT Sir Runcible Spoon
Sir
If this has been in the wild for so long, you can bet that they have already engineered a replacement that does not rely on the same obfuscation tricks that this one uses, as they are now obviously compromised.
These people are clever - they would have planned ahead and will already be deploying the new variant (assuming it isn't already out there).
-
Tuesday 24th November 2015 21:43 GMT Roland6
Re: Sir
Whilst iSight have raised the profile of the POS module, they also note that the framework could have wider applicability, i.e. we don't know if variants exist on other Windows systems...
The report makes interesting reading and contains the hard-coded IP addresses for the C&C server...
-
Tuesday 24th November 2015 22:30 GMT Sproggit
Escape Route?
We're seeing more of this sort of thing every day, week, month. One thing remains curiously absent from developments, though, which is any form of consequences for the vendor. [Aside, perhaps from the reputational damage - but memories seem short]. If companies were
1. Taking all reasonable steps to protect their data
2. Not grabbing data that they should not take and do not need
3. Keeping all their technology patched and secure
4. Deploying cyber controls adequate to the risks
then we would likely be seeing less than this. If these retail outlets were vehicle manufacturers shipping cars and trucks with defective brakes, you would expect to see government getting involved and prosecutions for corporate negligence in the works. So why don't we see lawmakers offering to step in and protect the little people from cyber security negligence?