Security Experts Warn of 'Highly Sophisticated' ModPOS Malware
By Shirley Siluk / Enterprise Security Today
Published: November 27, 2015

As the holiday shopping season swings into high gear, a cybersecurity firm is warning of a "highly sophisticated" malware framework that could pose a threat to U.S. retailers using point-of-sale (POS) systems. Called ModPOS (for "modular POS"), the malware has been seen in the wild as far back as 2012, and was observed actively targeting businesses throughout 2014.

The Texas-based cybersecurity firm iSight Partners released a detailed report on ModPOS earlier this week, and has already briefed "numerous" retailers about the potential threat. The company said its experts are also working with the Retail Cyber Intelligence Sharing Center to help member businesses watch for and defend against the malware platform.

ModPOS is not only difficult to detect, but can be configured to target multiple and specific parts of retailers' POS systems. Based on some IP addresses observed as they reverse-engineered the platform, iSight researchers believe the malware might have ties to Eastern Europe.

'Most Sophisticated' POS Malware to Date

ModPOS was "the most sophisticated point-of-sale (POS) malware we have seen to date," Stephen Ward, iSight's senior director of marketing, said in a blog post. "In a nutshell, this is not your daddy's run-of-the-mill cybercrime malware."

With its complex and sophisticated code base, ModPOS can slip undetected past many types of modern security systems, Ward said. Its modular nature also provides multiple attack routes, with keylogger, POS scraper and uploader/downloader modules that make it possible to target unique aspects of retailers' POS systems.

ModPOS also features custom plugins and other specialized functions, Ward noted. "Given its sophistication, it has taken our malware analysis ninjas a substantial amount of time to reverse-engineer the software," he said.

Even Smart-Card Systems Vulnerable

The ModPOS injected shellcode appears to be written in C and features a very large number of functions, according to an intelligence report prepared by iSight researchers. The services injection, for example, has nearly 600 functions, while typical shellcode has just zero to five.

One module of ModPOS has been seen capturing credit-card track data out of POS systems' memories, indicating "possible targeting of any sector that uses POS systems, including retail, food services, hospitality and healthcare."

Even retailers with more advanced POS systems using EMV smart card (also called chip-and-PIN) technology can be vulnerable to ModPOS, according to iSight. If the POS system isn't configured to support end-to-end encryption and encrypted data in memory, ModPOS -- as well as other malware that uses RAM scraping techniques -- can still enable access to customers' payment card data, Ward said. That data can then be reused for online purchases where the physical presence of a payment card isn't needed.

In its most recent Data Breach Investigations Report, Verizon found that retailers across 61 different countries on average experienced more than 800 malware attacks a week in 2015. Attacks are also becoming increasingly sophisticated, with some 70 percent using a combination of techniques, according to the report.

Tell Us What You Think
Ak Vashist:
Posted: 2016-01-31 @ 9:13pm PT
These days, various online services provide the best retail POS software. The most important point to be kept in mind is that these service providers should be reliable and secure.

Joe Example:
Posted: 2015-11-27 @ 2:42pm PT
Verizon told their clients on Tuesday that ModPOS was not a significant new risk.

© Copyright 2017 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.