Servers of Hong Kong point of sale (POS) systems have been infected by malware, reports the Hong Kong Computer Emergency Response Team (HKCERT).
Security firms FireEye and Arbor Networks have released reports on point of sale (POS) malware that identify IP addresses in Hong Kong as POS malware ‘Command and Control’ (C&C) servers.
Cyber criminals use C&C servers to control infected computers. The FireEye report further pointed out that the ‘BrutPOS’ campaign has already stolen payment card data with the malware.
Why do cybercriminals target POS systems?
The security of POS systems has become a hot topic since the Target breach. It makes sense that POS systems have become a favoured target of cybercrooks, for the following reasons:
To support various payment methods such as credit card, EPS (i.e. debit card) and Octopus (i.e. contactless smart card), the POS system has evolved into a very complex system that includes network interfaces to the respective payment processors. That means various ‘attack surfaces’ can exist, so different types of breach can be carried out; e.g. memory scraping malware can expose credit card data stored in RAM before encryption.
The POS system incorporates many value-added functions, such as membership management, inventory management and interfaces to different payment processors, to support various business needs. That means not only financial data but also personal data exists in the POS system.
POS systems are widely adopted in various industries such as retail, food and beverage, hospitality, inventory etc. That means POS systems are installed across wide areas, and they may also be connected to the corporate network through the Internet. That also increases the ‘attack surfaces’ open to exploitation.