Global POS malware ring uncovered

Every merchant needs to be aware of the different ways that criminals can attack their business. While business owners know that someone can come in with a weapon and demand money or an employee can secretly skim funds off the top, the new age of crime against the cash register comes from a digital presence. With more organizations embracing technology, businesses need to be aware that they can also become a target if they do not keep it safe.

According to a recent article from Computerworld, security researchers have uncovered a group of global cyber criminals that have been workers underground that have infected nearly 1,500 different point-of-sale (POS) terminals, accounting systems and back-of-house platforms with malware in businesses from 36 countries.

These systems were brought together through a botnet called Nemanja, which was uncovered by cyber crime intelligence firm IntelCrawler. It is believed that the criminals behind this attack are operating out of Serbia.

"The size of the botnet and the worldwide distribution of infected systems brings into perspective the security problems faced by retailers from around the world, problems that were also highlighted by the recent PoS breaches at several large U.S. retailers," the article reads.

In a blog post from IntelCrawler, the firm laid out the scope of the breach, which was discovered in March of this year. Nemanja affected various small businesses and grocery stores across the world. This makes the growing problem of retail security more visible after, especially since more businesses have become high profile targets. These show that organizations of all sizes can become victims. Adding to the problem is that this is believed to only be the beginning of the kinds of attacks that businesses are facing.

"We predict an increasing number of new data breaches in both sectors in the next few years, as well as the appearance of new types of specific malicious code targeted at retailers' back office systems and cash registers," the post reads. "The nature of POS-related crimes can be different from country to country, but it shows the insecurity of modern payment environments. The bad actors combine several attack vectors in order to infect operators' stations – "drive-by-download" and remote administration channels hacking."

The post goes on to say that card associations should expect a trend of POS infections developing in multiple countries in the near future. This is happening because retailers are significantly lagging behind when it comes to information security solutions and card processing software.

Making matters worse, IntelCrawler predicts that soon modern POS malware will become part of RAT/Trojans and other harmful software that is acting as a module, which may be used along with keylogger and network sniffing malware.

The current landscape of POS software has become a fertile hunting ground for cyber criminals. A single unnoticed piece of malware that affects credit card payment software can sit and gather card numbers and other personal information before it is sold to the highest bidder and used for nefarious means. This is why it is increasingly important for companies to partner with a quality solution provider that can ensure information is kept secure at all times.

Scroll to Top