Cisco Researchers Detail New Sophisticated Breed of Point of Sale Malware

‘PoSeidon’ Swipes Card Data From Memory for Resale on Black Market

MONDAY 23 MARCH, 2015 – Cisco’s Talos Security Intelligence & Research Group has identified a new, more sophisticated breed of Point of Sale malware with a mixture of capabilities commonly found in infamous bugs such as the Zeus banking Trojan and the more recent BlackPOS malware. Remember Target and Home Depot?

This newly identified malware targets point of sale ticket machines using a loader and binary technique that stays persistent on targeted machines, surviving reboots and user logouts. Paired with a key logger, the malware then collects keystrokes, scrapes credit card data from memory, and transmits the stolen data to a number of servers in Russia for resale on the black market.

Along with Cisco’s team of security and threat researchers, we urge network administrators and security personnel to remain alert and adhere to industry best practice to avoid potential risk from POS malware attacks.

One proactive first step would be to block all traffic destined for Russian IP addresses. We also urge the implementation of a web filtering system that restricts internet traffic to “business needed” websites only. To clarify: if your organization does not require access to a social media site, there should be a system in place that actively prevents that traffic.
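The two recommendations above can be checked against existing egress logs before a filter is enforced. The following is an added example, not code from Cisco or the original post, and it assumes a simple three-column log format, a POS network segment, an allowlist of business domains, and a blocked network range, all of which are constructed placeholders:

```python
import ipaddress

# Constructed placeholders: real values come from your own policy and a geo-IP feed.
BUSINESS_DOMAINS = {"payments.example.com", "updates.example.net"}
BLOCKED_NETS = [ipaddress.ip_network("203.0.113.0/24")]  # stand-in for a country block list
POS_SEGMENT = ipaddress.ip_network("10.20.0.0/24")       # assumed POS VLAN

# Constructed egress log lines: "<src_ip> <dst_ip> <dst_host>"
SAMPLE_LOG = """\
10.20.0.11 198.51.100.7 payments.example.com
10.20.0.11 203.0.113.45 -
10.20.0.12 198.51.100.9 social.example.org
10.20.0.12 198.51.100.8 api.payments.example.com
10.20.0.13 198.51.100.10 notpayments.example.com
10.30.0.5 198.51.100.9 social.example.org
"""

def host_allowed(host):
    """Exact match or true subdomain of an allowlisted name (label boundary)."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in BUSINESS_DOMAINS)

def audit(log_text):
    """Return (src, dst, host, reason) for each POS egress line the policy would deny."""
    findings = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # skip malformed lines
        src, dst, host = parts
        if ipaddress.ip_address(src) not in POS_SEGMENT:
            continue  # only POS terminals are in scope here
        if any(ipaddress.ip_address(dst) in net for net in BLOCKED_NETS):
            findings.append((src, dst, host, "blocked-network"))
        elif not host_allowed(host):
            findings.append((src, dst, host, "not-business-needed"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_LOG):
        print(*finding)
```

Matching on a label boundary matters: a plain suffix or substring test would let `notpayments.example.com` pass as if it were the allowlisted payment host.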

Read More about ‘PoSeidon’ from the Original Blog Post Found Here:
http://blogs.cisco.com/security/talos/poseidon