The CEO of Target revealed their Point-of-Sale (PoS) systems were infected with malware. This resulted in the massive data breach that occurred over the holiday shopping season. Target’s data breach impacted nearly 110 million shoppers.
Here’s What Happened.
When a customer swiped their card at the Target PoS terminal to authorize their transaction, the data encoded on the card was temporarily stored in the system’s RAM (random access memory). It was later read by malware that had been installed on the machine.
Malware programs designed to infect PoS systems are known as RAM scrapers. These programs search the terminal’s RAM to steal transaction data.
After Target’s data breach, businesses and customers alike are concerned about memory-scraping malware.
Here’s What You Need To Know.
Retailers aren’t the only targets. One of the first RAM attacks occurred when PoS systems were compromised at a university and several hotels back in 2011. Any business or organization is at risk.
Memory-scraping malware is designed to target data located in memory where it’s stored in plaintext format. Cybercriminals design memory-scraping malware to read this format.
Unfortunately, it’s not possible to encrypt data in the PoS system memory. Before the system can process any data, it must be decrypted in memory. Cybercriminals design memory-scraping malware to steal information as soon as this happens.
The U.S. Computer Emergency Readiness Team (US-CERT) said two types of memory-scraping malware are currently being used to intercept data:
Dexter, which deconstructs the memory to find data.
Stardust, which extracts data from memory and internal network traffic.
PoS systems are network-connected, which means any system connected to the network could be an access point for malware. Unsecured wireless networks also provide an entry point for attackers. PoS systems are vulnerable to phishing attacks because malware can jump from an infected PC to a PoS system.
If an attacker gains access to the network that connects to PoS systems, it will be difficult to detect the attacks. Attackers often use antivirus evasion techniques to keep the malware hidden.
The US-CERT recommends employing six security measures to avoid memory-scraping malware attacks:
It’s essential to stay informed on the latest data breaches and malware used to steal sensitive information. To learn more about memory-scraping malware, give us a call at (713) 490-5000 or send us an email at firstname.lastname@example.org. CITOC can help you stay informed about the latest data breaches and types of malware used to steal sensitive information.