Attention All Retailers: Beware of The New Memory-Scraping Malware

New memory-scraping malware was recently released to steal payment card data from point-of-sale (PoS) systems. According to cyber security firm, IntelCrawler, the malware, known as Decebal can steal encrypted data on the magnetic stripe of credit or debit cards.

What makes this new malware different from previous forms of memory-scraping malware?

• The practice of a scripting language to create malware isn’t typical for memory-scraping malware.
• Decebel evades malware analysis tools, like antivirus sandboxes and virtual machines.
• Once card data is collected, Decebal sends it to a command-and-control server, which sorts the information and stores it.
• In the past year alone, at least four separate forms of PoS scraping malware were developed.

The recent data breach that impacted 70 million credit and debit card owners, involved malware that was installed on PoS systems. Cybercriminals also stole payment card data from six more U.S. retailers using similar point-of-sale malware. The retailers have not been publicly named yet, but the pattern is becoming clear.

Cybercriminals are increasingly targeting retailers with memory-scraping malware.

So what can you do to protect your PoS systems from memory scraping malware?

It’s critical to protect Windows-based PoS systems in the same way you’d protect Windows-based computers. For example, hardware-based encryption should be implemented on card readers rather than in the PoS software.

The following are a few additional best practices to increase security of your PoS systems and prevent unauthorized access:

• Use Strong Passwords

Default passwords can be used to keep the PoS system installation process simple. These default passwords can be obtained online by cybercriminals. As a business owner it’s critical to change all your default passwords on a regular basis, including the passwords to your PoS system. Use strong passwords with a combination of letters, numbers, and systems.

• Prohibit Remote Access

Cybercriminals can exploit remote access configurations on PoS systems to access the network. It’s critical to prohibit remote access to the PoS network at all times.

• Install a Firewall

Firewalls can protect your PoS system from cyber-attacks by preventing unauthorized access to a private network. A firewall will prevent traffic from hackers, viruses, and other types of malware designed to compromise your PoS system.

• Use Antivirus Software

An antivirus program is used to prevent, detect, and remove malicious computer viruses. Remember to continually update your antivirus software, otherwise it won’t be effective.

• Update PoS Software Applications

PoS software applications must be updated with the latest software application patches. When updates aren’t installed in a timely manner, PoS systems are vulnerable to malware attacks.

• Restrict Access

Restrict access to PoS system computers or terminals to prevent users from unknowingly exposing the system to security threats on the Internet. Only use your PoS system online to conduct PoS related activities and avoid general Internet use.

To learn more about memory-scraping malware and how to protect your PoS system, give us a call at (613) 828-1384 or send us an email at info@fuellednetworks.com. Fuelled Networks can keep you up to date on the latest forms of malware and how to protect against them.