With a little over two weeks until the holiday shopping season kicks off in earnest, a picture of the evolution of point of sale (POS) malware has come into focus through a number of recent pieces of research. A recurring theme is that POS malware is increasingly maturing, with different packages and families refined for specific attack scenarios.
Just today, researchers with Cyphort Labs released a report that dissected three families of POS malware associated with three distinct breach incidents at Target, Home Depot, and UPS over the past year: BlackPOS, FrameworkPOS, and Backoff, respectively.
"Looking at the modes of operation of the three families one can clearly identify two directions: one from the targeted attacks on Target and Home Depot, and the other from the more generalized approach of Backoff," they wrote. "Targeted attacks are identified by the fact that the attacker chooses the target and specifically designs the attack, while in a general approach, the nature and identity of the victim are unknown to the attacker."
Tailored for attacks against dedicated targets, both FrameworkPOS and BlackPOS have multi-functional components for persistence, memory scraping, process enumeration, and data exfiltration.
Ericka Chickowski specializes in coverage of information technology and business innovation. She has focused on information security for the better part of a decade and regularly writes about the security industry as a contributor to Dark Reading.