The CEO of Target revealed their Point-of-Sale (PoS) systems were infected with malware. This resulted in the massive data breach that occurred over the holiday shopping season. Target’s data breach impacted nearly 110 million shoppers.
Here’s What Happened.
When a customer swiped their card at the Target PoS terminal to authorize their transaction, the data encoded on the card was temporarily stored in the system’s RAM (random access memory). It was later read by malware that had been installed on the machine.
Malware programs designed to infect PoS systems are known as RAM scrapers. These programs search terminal’s RAM to steal transaction data.
After Target’s data breach, businesses and customers alike are concerned about memory-scraping malware.
Here What You Need To Know.
- Memory-Scraping Malware Targets All Types of Organizations.
Retailers aren’t the only targets. One of the first RAM attacks occurred when PoS systems were compromised at a university and several hotels back in 2011. Any business or organization is at risk.
- Encryption Won’t Protect You
Memory-scraping malware is designed to target data located in memory where it’s stored in plaintext format. Cybercriminals design memory-scraping malware to read this format.
- You Can’t Encrypt Data in a PoS System
Unfortunately, it’s not possible to encrypt data in the PoS system memory. Before the system can process any data is must be decrypted in the memory. Cybercriminals design memory-scraping malware to steal information as soon as this happens.
- Memory-Scraping Malware Comes in Many Forms
The U.S. Computer Emergency Readiness Team (US-CERT) said two types of memory-scraping malware are currently being used to intercept data:
Dexter—Which deconstructs the memory to find data.
Stardust —Which extracts data from memory and internal network traffic.
- Unsecured Wireless Networks Provide an Entry Point
PoS systems are network-connected which means any system connected to the network could be an access point for malware. Unsecured wireless networks also provide an entry point for attackers. PoS systems are vulnerable to phishing attacks because malware can jump from an infected PC to a PoS system.
- Memory-Scraping Malware Is Easy to Hide
If an attacker gains access to the network that connects to PoS systems, it will be difficult to detect the attacks. Attackers often use antivirus evasion techniques to keep the malware hidden.
So, What Should You Do?
Use a Secure PoS Network To Block Memory-Scraping Malware.
The US-CERT recommends employing six security measures to avoid memory-scraping malware attacks:
- Use strong passwords to access PoS systems.
- Always keep PoS software up to date.
- Use firewalls to isolate the PoS production network from the Internet or other networks.
- Limit access to the Internet from the production network.
- Use up-to-date antivirus tools.
- Disable remote access to PoS systems.
It’s essential to stay informed on the latest data breaches and malware used to steal sensitive information. To learn more about memory-scraping malware, give us a call at (408) 849-4441 or send us an email at info@veltecnetworks.com. Veltec Networks can help you stay informed about the latest data breaches and types of malware used to steal sensitive information.