Point of Sale systems that process debit and credit cards are still being attacked with an
increasing variety of malware. Over the last several years PoS attack campaigns have
evolved from opportunistic attacks involving crude stealing of card data with no
centralized Command & Control, through memory scraping PoS botnets with centralized
C&C and most recently to highly targeted attacks that require a substantial amount of
lateral movement and custom malware created to blend in with the target organization.
While contemporary PoS attackers are still successful in using older tools and
methodologies that continue to bring results due to poor security, the more ambitious
threat actors have moved rapidly, penetrating organizational defenses with targeted
attack campaigns. Considering the substantial compromise lifespans within
organizations that have active security teams and managed infrastructure, indicators
shared herein will be useful to detect active as well as historical compromise.
Organizations of all sizes are encouraged to seriously consider a significant security
review of any PoS deployment infrastructure to detect existing compromises as well as
to strengthen defenses against an adversary that continues to proliferate and expand
attack capabilities.
More here: http://pages.arbornetworks.com/rs/arbor/images/ASERT%20Threat%20Intelligence%20Brief%202014-06%20Uncovering%20PoS%20Malware%20and%20Attack%20Campaigns.pdf