Security researchers at Cisco have revealed details of a new point of sale (PoS) attack that could part firms from money and users from personal data.
The threat has been called PoSeidon by the Cisco team and comes at a time when eyes are on security breaches at firms like Target.
Ultimately, the malware targets PoS systems, scrapes the memory of infected machines for payment card information, and exfiltrates the data to servers – many of which are hosted on Russian domains.
Upon infection, PoSeidon takes steps to achieve persistence so that the malware will survive should there be a system reboot, according to the post. The C&C is then contacted, which leads to a minimal keylogger being installed to pull credit card data.
Next, the malware begins scanning the memory of the infected PoS device for sequences of digits that could be payment card numbers, the post indicates.
PoSeidon only looks for 16-digit sequences beginning with four, five, and six – for Mastercard, Visa, and Discover cards – and 15-digit sequences beginning with three for American Express cards, the post notes. The Luhn algorithm is used to verify that the numbers are actual payment card numbers.
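The same candidate test (16 digits starting with 4, 5 or 6, or 15 digits starting with 3, followed by a Luhn check) can be run by defenders over application logs to find and mask card numbers stored in cleartext. The Python below is an added example, not code from Cisco's post or from the malware; the function names and log lines are constructed for illustration, and the card numbers are public test values.

```python
import re

# Candidate shapes described in the article: 16 digits starting with 4, 5 or 6,
# or 15 digits starting with 3. The lookarounds stop a match inside a longer
# run of digits (order ids, timestamps), which cuts false positives.
CANDIDATE = re.compile(r"(?<!\d)(?:[456]\d{15}|3\d{14})(?!\d)")


def luhn_valid(number: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    total = 0
    # Walk right to left; double every second digit, subtract 9 if above 9.
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_pans(text: str) -> list[str]:
    """Return digit runs that match a candidate shape and pass Luhn."""
    return [m.group() for m in CANDIDATE.finditer(text) if luhn_valid(m.group())]


def mask_pans(text: str) -> str:
    """Mask validated numbers, keeping only the first six and last four digits."""
    def _mask(m: re.Match) -> str:
        n = m.group()
        if not luhn_valid(n):
            return n  # right shape but bad checksum: leave untouched
        return n[:6] + "*" * (len(n) - 10) + n[-4:]
    return CANDIDATE.sub(_mask, text)


# Constructed sample log (hypothetical field names, public test card numbers).
SAMPLE_LOG = """\
2000-01-01 10:01:02 txn=1001 pan=4111111111111111 amt=12.50
2000-01-01 10:01:07 txn=1002 pan=378282246310005 amt=80.00
2000-01-01 10:01:09 txn=1003 ref=4111111111111112 amt=3.10
2000-01-01 10:01:11 order=60110000000000041234 status=ok
"""

if __name__ == "__main__":
    print(find_pans(SAMPLE_LOG))
    print(mask_pans(SAMPLE_LOG))
```

The third sample line has the right shape but fails Luhn, and the fourth embeds a valid number inside a 20-digit run, so neither is reported or masked.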
For organizations, securing against these types of threats should involve a threat-centric approach built on superior visibility, continuous control, and advanced threat protection across the extended network and the entire attack continuum.