2014 can be remembered as the year when PoS malware attacks became truly widespread. Many retailers and other businesses became victims of these attacks, which resulted in financial losses and embarrassment. One can ask: how do these organizations become victims of PoS malware in the first place?
Most of the methods used to compromise a system with PoS malware are broadly similar to those used by any other malware. In our paper titled PoS RAM Scraper Malware, we discussed some possibilities, including:
- A malicious insider
Employees of an organization could decide to plant PoS malware on the relevant systems. This is one of the hardest threats to defend against, but as far as PoS malware is concerned, one of the earliest scrapers was first discovered in air-gapped PoS systems. To this day, some PoS malware families will dump stolen data directly to a USB stick.
- Phishing/social engineering
Phishing is one of the oldest techniques around to compromise a network, and it’s still very effective. This risk is particularly acute in small businesses, which tend to use a PoS system not just for payment purposes, but for others as well (such as email, browsing, and social media). This increases the risk that various social engineering attacks will prove to be successful.