
Complex Malware hits US Retailers



According to new research by iSight Partners, a sophisticated piece of malware named ModPOS has hit multiple national retailers and compromised millions of payment cards. What sets this malware apart is that it is extremely difficult to detect.

"The way that the malware is able to hide itself makes it extremely difficult for retailers to detect it with existing capabilities. It took months for researchers to get a clear view of this malware and reverse engineer it, and then the researchers have spent a month informing retailers about how to spot it," said Stephen Ward, senior director at Dallas-based cyber threat intelligence firm iSight Partners, Inc.

ModPOS is a highly modular malware that targets point of sale systems with keylogging, RAM scraping, credential theft and network reconnaissance functions.

"What we're seeing is shell code which consists of up to 600 functions, which is astronomical," said Maria Noboa, iSight's senior threat analyst. By comparison, typical shellcode would have just a handful of functions, she said. The ModPOS framework also involves hacked kernel drivers and that, Noboa said, is what makes this malware family very dangerous. "They are essentially rootkits, difficult to detect," she said.

The only positive thing about the malware is that its creators are not selling it on underground forums or otherwise distributing it to the public. "We have researchers around the world looking for any sign of people trying to share the code," she said. So far, there haven't been any. "This gives us an indication that the authors are holding it close to their chest because it's a profit center for them," she said. "We categorize this as author-slash-operator because we believe that the people who wrote the malware are the ones operating it." She added that it was difficult to determine who the authors are, or where they are based.

"But there are indicators that point to Eastern Europe," she said. They include malicious domains in Russia and command and control infrastructure based in the Ukraine.

Many retailers are currently in the process of switching to EMV, which allows them to accept more secure chip-based payment cards at the point of sale terminal. "There is a tendency to think that if you have EMV terminals set up, you're good to go," Noboa said. "But it has to be implemented correctly, with true end-to-end encryption in place, including encrypting data in memory. That's key here, because point-of-sale malware capitalizes on data in memory. If it's not encrypted, ModPOS can still grab that data in clear text."
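Noboa's point is that the defensive question for a retailer is whether clear-text card data is ever present in POS process memory at all. The following Python audit is added here as an example (it is not iSight's or the article's code): it scans a constructed memory-dump buffer for Luhn-valid PANs and Track 2 records and reports them masked. On a POS deployment where end-to-end encryption is implemented correctly, a dump of the POS process should yield no findings.

```python
import re

# Constructed memory-dump sample (not real data): a Track 2 record around the
# well-known Visa test PAN, a bare Luhn-valid Mastercard test PAN, and a
# 16-digit decoy that fails the Luhn check.
SAMPLE_DUMP = (
    b"\x00\x00PosTerminal v2.1\x00"
    b";4111111111111111=25121010000000000000?\x00"
    b"order=1234567890123456\x00"   # 16 digits, Luhn-invalid: not a PAN
    b"cust=5555555555554444\x00"    # Luhn-valid test PAN
    b"\xff\xfe"
)

# Track 2 layout: ';' PAN '=' expiry (YYMM) ... ; bare PANs are 13-19 digits.
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})")
PAN_RE = re.compile(rb"(?<!\d)(\d{13,19})(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn checksum, used to discard digit runs that are not card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask(pan: str) -> str:
    """Keep BIN (first 6) and last 4 so the report itself holds no full PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_dump(buf: bytes) -> list[tuple[str, str]]:
    """Return (kind, masked_pan) for every clear-text card number found."""
    findings, seen = [], set()
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1).decode()
        if luhn_ok(pan) and pan not in seen:
            findings.append(("track2", mask(pan)))
            seen.add(pan)
    for m in PAN_RE.finditer(buf):
        pan = m.group(1).decode()
        if pan not in seen and luhn_ok(pan):
            findings.append(("pan", mask(pan)))
            seen.add(pan)
    return findings


if __name__ == "__main__":
    for kind, masked in scan_dump(SAMPLE_DUMP):
        print(f"clear-text card data in memory: {kind} {masked}")
```

An empty result from `scan_dump` on a real process dump is the check that "encrypting data in memory" actually holds; any finding means a RAM scraper in the same position would see the same data.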



© 2024 CIO Bulletin Inc. All rights reserved.