Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Small retailers under siege by POS malware

Caroline Ng | June 4, 2013
The retail sector is witnessing a significant swathe of data breaches with malware harvesting data from point-of-sale (POS) systems.

The retail sector's point-of-sale (POS) systems have been under attack by an upward trend of malware in the last six months, according to security company, Sophos.

Small retailers with poor security measures are most prone to cyber attacks as large numbers of smaller targets were preyed for little cash with lesser risk.

Sumit Bansal, director of Sophos ASEAN, said vulnerable POS systems are identifiable by cyber criminals remotely through the Internet to harvest information, including credit card details. "Cyber criminals are after organisations with less investment in defensive counter measures," he said.

The attack on small businesses is in contrary to the recent high profile targeted attacks where cyber criminals make windfalls from victims who sustained huge damages.

POS vulnerability
The main objective of POS-targeting families is to harvest data and ultimately converting them into cash, according to Internet security research firm, Team Cymru.

The Internet security company also published in-depth studies on various major malware strains.

The studies revealed the complex web of symbiotic relationships between several seemingly different malware strains. This suggests a sophisticated ecosystem for the incubation of ideas and resources in the cyber underworld.

The resulting effect is a prevalence of diligently improvised malware strains that are available for sale online, further exploiting the POS vulnerability.

Mitigation: Chip-and-pin
It is not all gloom and doom for data breaches in payment systems. Reports have found that worldwide data breaches share a common trait of not having a chip-and-pin system in place.

The chip-and-pin system protects against indiscriminate data-harvesting conducted by the likes of 'Alina', 'Vskimmer' and 'Dexter.'

According to Sophos, the universal implementation of up-to-date chip-and-pin system will eradicate the cabal of scammers and reduce crime at the tills.

Sophos advises businesses to ensure that services with remote access have secure passwords as default passwords are easily cracked.


Sign up for CIO Asia eNewsletters.