Eftpos Malware Attack Hits US Stores
Eftpos malware (point-of-sale malware) is usually a type of malicious software used by cyber-attackers to target point-of-sale (POS) and payment terminals with the intent to obtain credit card and debit card information, including the cardholder’s name, credit card number, expiration date, and even the CVV code.
In a recent Eftpos malware attack, North County Business Products was hit by malware that infected the sites of 136 stores across the US and lifted comprehensive payment card details from shoppers.
What is Eftpos Malware?
Malware programs designed for POS systems are commonly referred to as RAM scrapers: they access the system's memory and export the copied information via a remote access Trojan (RAT), which reduces software or hardware tampering and potentially leaves no footprints.
Eftpos malware attacks may also include the use of various bits of hardware: dongles, trojan card readers, (wireless) data transmitters and receivers.
Every time a person swipes a card at a POS terminal to authorize a transaction, the data encoded on the card’s magnetic stripe, including the cardholder’s name, card number, and expiration date, is passed along with the transaction request to the payment application and then to the company’s payment processing provider.
While this data is encrypted as it leaves the POS system and the company’s network, there’s a period of time when it’s stored in the system’s RAM in clear text and can be read by malware installed on the device, which is what seems to have happened in the target situation.
Being at the gateway of transactions, Eftpos malware enables cyber-attackers to steal thousands, even millions, of payment records, depending upon the target, the number of devices affected, and how long the attack goes undetected.
Cybercrooks can break into POS machines and merchant networks by exploiting various security loopholes, but a common method is to steal or brute-force remote administration credentials.
Visa issued two security alerts last year, in April and August, warning merchants of attacks using memory-parsing Eftpos malware.
“Use multi-factor authentication when accessing the payment processing networks,” the credit card company said in a statement.
“Even if Virtual Private Networking (VPN) is used, it is important that two-factor authentication is implemented. This will assist to mitigate key logger or credential dumping type of assaults.”
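As an added example (not from the original article or from Visa), the detection below runs over remote-administration login events and flags the two conditions discussed above: a burst of failed logins from one source, and any successful login that did not use a second factor. The log format, field names, window and threshold are assumptions chosen for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=5)   # assumed look-back window
THRESHOLD = 5                   # assumed failed logins per source within WINDOW

def detect_remote_admin_abuse(events):
    """events: lines of 'ISO-timestamp src_ip user FAIL|OK mfa' (constructed format).
    Returns a list of (alert, src_ip, user, timestamp) tuples."""
    failures = defaultdict(deque)   # src_ip -> timestamps of recent failures
    flagged = set()                 # sources that already crossed THRESHOLD
    alerts = []
    for line in events:
        ts_s, ip, user, result, mfa = line.split()
        ts = datetime.fromisoformat(ts_s)
        recent = failures[ip]
        while recent and ts - recent[0] > WINDOW:   # drop failures outside window
            recent.popleft()
        if result == "FAIL":
            recent.append(ts)
            if len(recent) >= THRESHOLD and ip not in flagged:
                flagged.add(ip)
                alerts.append(("bruteforce", ip, user, ts_s))
        elif result == "OK":
            if ip in flagged:       # guessing finally worked: highest priority
                alerts.append(("success_after_bruteforce", ip, user, ts_s))
            if mfa != "yes":        # password alone was enough to get in
                alerts.append(("login_without_mfa", ip, user, ts_s))
    return alerts

# Constructed sample events; addresses come from documentation ranges.
SAMPLE_EVENTS = [
    "2024-01-10T02:00:00 203.0.113.7 admin FAIL -",
    "2024-01-10T02:00:20 203.0.113.7 admin FAIL -",
    "2024-01-10T02:00:40 203.0.113.7 posadmin FAIL -",
    "2024-01-10T02:01:00 203.0.113.7 posadmin FAIL -",
    "2024-01-10T02:01:20 203.0.113.7 posadmin FAIL -",
    "2024-01-10T02:01:40 203.0.113.7 posadmin OK no",
    "2024-01-10T09:00:00 198.51.100.4 manager FAIL -",
    "2024-01-10T09:00:30 198.51.100.4 manager OK yes",
]

if __name__ == "__main__":
    for alert in detect_remote_admin_abuse(SAMPLE_EVENTS):
        print(alert)
```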

However, EFTPOS (Electronic funds transfer at point of sale) reduces the amount of cash your business will be dealing with, thereby reducing the amount of time your staff spends handling it.
Furthermore, EFTPOS payments go straight into your bank offering you peace of mind and bringing your business a layer of transparency.
Wondering if you should get EFTPOS in your industry? We collated a list of features you need to consider when switching EFTPOS for your business:
- Customized solutions for your business corporation.
- Investment in payment infrastructure & data centres.
- Exclusion of double-entry errors and advanced reconciliation saves your business time and money.
- No need to change bank and also has the ability to accept all varieties of payments.
- Lightning fast transactions with Tap & Go.
- Wi-Fi connection and support.
Conclusion
Business groups or individuals should follow best security practices and enforce defense in depth through security mechanisms that can prevent threats from endpoints, networks, servers, and gateways.
Nowadays, cybercriminals have learned to make their malware more adaptable, resilient, and destructive, and they continuously improve their arsenal by developing new skills to attack financial groups and individuals.
Therefore, we also need to upgrade our cyber defense systems and courses to more effectively guard against cybersecurity risks, as well as to respond in a timely and robust manner to prevent any intrusion in the future.
Tips to Prevent Viruses and Malware from Infecting Your System:
- Enable your popup blocker: Pop-ups and ads on websites are the tactic most commonly adopted by cybercriminals or developers with the core intention of spreading malicious programs. So avoid clicking on untrustworthy sites, software offers, pop-ups, etc., and install a powerful ad blocker for Chrome, Mozilla, and IE.
- Keep your Windows updated: To avoid such infections, we recommend that you always keep your system updated through automatic Windows Update. By doing this you can keep your device free from viruses. According to the survey, outdated/older versions of the Windows operating system are an easy target.
- Third-party installation: Try to avoid freeware download websites, as they usually bundle additional software with an installer or stub file.
- Regular backup: Regular, periodic backups help you keep your data safe in case the system is infected by a virus or any other infection. Always back up important files regularly to a cloud drive or an external hard drive.
- Always have an anti-virus: Precaution is better than cure. We recommend that you install an antivirus like ITL Total Security or a good malware removal tool.