The Implications of Silent Injection Malware on Retail Security

The use of point-of-sale malware is not a recent phenomenon. The first high-profile case took place back in 2013 with the large US supermarket, Target, in which millions of customers’ credit and debit card account numbers were compromised.

In 2017, a more advanced point-of-sale program was discovered, known as LockPoS, which stole payment card data from computer memory using a silent injection technique that let it bypass anti-virus measures and run virtually undetected.

By injecting code and scraping payment card data, such as card numbers, from the memory of computers connected to PoS scanners, LockPoS poses a significant threat to retailers.

In January 2018, it was reported that a silent malware injection technique was developed to bypass anti-virus software and avoid detection.

Attacks of this scale on businesses should worry retailers, especially since further attacks have taken place since the discovery of this hard-to-detect malware. Ensuring the security of customer data is vital for the retail sector, given that breaches can have serious implications on the reputation and trust of businesses.

With the vast majority of customers choosing to shop online over visiting brick-and-mortar stores, it’s more important than ever to have a strong payment security system in place. Credit and debit card details are commonly stolen via malware such as LockPoS and FlokiBot, so it’s vital that security measures are kept up to date to help detect the newest and most advanced threats.

Prevention is better than cure
As complex as identifying malware threats might appear in theory, in reality, prevention of attacks begins with some simple steps. Having a reliable threat detection system lays the foundation for easier detection and prevention of malware threats.

Designing the right security strategy is by no means a one-size-fits-all exercise, but taking the time to understand exactly what your business needs can go a long way towards saving valuable time and money on threat protection.

Using anti-virus software, and keeping it regularly updated, is an important first step in detecting malware threats early. Good security software commonly detects the unusual behaviour of malware such as LockPoS, owing to the invasive nature of the threat, and raises an alert about the potential compromise.

It is crucial that businesses, in particular those within the retail sector, act fast in the event of an attempted attack, given that they process customer transactions using sensitive card information. 

Additionally, if a threat is detected late, little can be done to prevent data being stolen by the time the attack is reported. Worse still, Target had ignored incoming security alerts, underestimated the severity of the attack and ultimately did not act upon the initial warnings. This illustrates the importance of looking closely at every detected security threat and taking action early, using effective security measures.

Secondly, it’s useful for retail businesses to understand how the malware works. LockPoS, for example, functions at its core as a memory scanner: it scrapes the memory of the processes currently running on the system, searches for credit card number patterns and then sends the matches to a command-and-control server. What differentiates the silent-injection variant from earlier LockPoS malware is how it is coded and the method by which it extracts the information.

A structured threat intelligence platform can help to identify the key attributes that provide clues to the origins of an attack. Understanding where PoS traffic is going to and coming from can help organizations to stop threats earlier. Being able to spot recurring patterns in the IP addresses used makes it much easier, in the long run, to catch potentially damaging security threats and prevent future attacks.
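To make the two points above concrete, the following Python is an added example (not code from the article or from any vendor): it scans outbound PoS network records for card-number-like data, the very pattern a memory scraper hunts for, validates candidates with the Luhn check to cut false positives, and groups hits by destination so a recurring exfiltration endpoint stands out. The flow records, addresses and card numbers are constructed sample data.

```python
import re
from typing import Dict, List

# 13-19 digits, optionally separated by spaces or dashes, not embedded in a longer digit run.
PAN_RE = re.compile(r"(?<!\d)(?:\d[ -]?){12,18}\d(?!\d)")


def luhn_ok(digits: str) -> bool:
    """Luhn mod-10 check: the checksum used by payment card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_pans(payload: str) -> List[str]:
    """Return Luhn-valid card-number candidates found in a text payload."""
    hits = []
    for m in PAN_RE.finditer(payload):
        digits = re.sub(r"[ -]", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            hits.append(digits)
    return hits


def flag_exfil(flows: List[Dict[str, str]]) -> Dict[str, int]:
    """Count PAN-like values per destination address across outbound flow records."""
    per_dst: Dict[str, int] = {}
    for flow in flows:
        n = len(find_pans(flow["payload"]))
        if n:
            per_dst[flow["dst"]] = per_dst.get(flow["dst"], 0) + n
    return per_dst


# Constructed sample flows: two PoS hosts posting card data to one external host,
# one benign flow carrying a 16-digit order id that fails the Luhn check.
SAMPLE_FLOWS = [
    {"src": "10.0.5.21", "dst": "203.0.113.7", "payload": "POST /upload d=4111 1111 1111 1111|12/26"},
    {"src": "10.0.5.22", "dst": "10.0.0.9", "payload": "order_id=1234567890123456 status=paid"},
    {"src": "10.0.5.23", "dst": "203.0.113.7", "payload": "id=5500000000000004;id=4111111111111111"},
]

if __name__ == "__main__":
    for dst, count in flag_exfil(SAMPLE_FLOWS).items():
        print(f"ALERT: {count} card-number-like value(s) sent to {dst}")
```

Running it reports three PAN-like values sent to the single external address, while the internal order flow is left alone.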

With attacks, especially those from nation states, considerably more likely in this unstable and fragmented global landscape, these key security steps will put businesses a few steps ahead of LockPoS and increase the likelihood of prevention in the short term.

In the long run, they will save organizations considerable amounts of valuable time and costly spending on the mitigation of attacks, and on data breach fines should a breach occur in the EU.
