
PoSeidon: A New Wave Of PoS Malware

By Derek Forrest - Source: Cisco

While most people are preparing for spring, consumers may also need to prepare for another string of retail security breaches, as Cisco's Security Solutions (CSS) recently discovered a new malware family targeting Point of Sale (PoS) systems.

Dubbed "PoSeidon" (see what they did there?), the malware is built from several components. CSS believes the infection begins with a keylogger that harvests credentials for remote access applications like LogMeIn: it deletes the application's saved, encrypted passwords and profiles, forcing users to type them in again, and records the keystrokes. Once the attackers have remote access to the PoS host, a loader deploys DLL files to maintain persistence and launches a memory scraper. The scraper reads the memory of running processes looking for card numbers, which sit there in plaintext between the card reader and the payment application; candidate digit strings are checked with the Luhn checksum so that only genuine card numbers are kept, and the hits, together with the keylogger's captures, are sent as complete strings to a remote server.

If that's not scary enough, the only recommendation CSS currently offers in the official blog is for network administrators "…to remain vigilant and adhere to industry best practices to ensure coverage and protection against advancing malware threats." With ever-evolving forms of malicious attacks, where industry best practices aren't always enough to prevent a security breach, where are the better industry practices?

PoSeidon, and other malware of its kind, are only effective because they target the weakest link of the security stack: the PoS terminal itself, where card data sits unencrypted in the host's memory between the card reader and the payment processor. The keylogger component of PoSeidon would be next to harmless without the memory scraper, which can read all of that sensitive information in plaintext while it resides in memory. Encrypting card data in the reader hardware, before it ever reaches the host, takes that plaintext away from the scraper, so the need for end-to-end encryption is greater than ever, and several major brands are starting their own wave of resistance against the rising tide of malware threats.
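The scraping step described above, and the reason end-to-end encryption defeats it, as an added example (this is not Cisco's analysis code and not the malware's own code): a Python scan that does what a PoS memory scraper does to a process's memory, and that a defender can equally run over a memory dump of their own PoS process to find out whether plaintext card numbers are present. The two sample buffers are constructed; the opaque byte blob standing in for reader-encrypted card data is likewise constructed rather than produced by a real payment terminal.

```python
"""
Memory-scraper style card-number search, written here as an illustration of
what PoS malware such as PoSeidon's scraper does, and what an auditor can run
against a dump of their own PoS process. Added example; not Cisco's or the
malware's code. All sample data below is constructed.
"""
import re

# Runs of 13-19 ASCII digits that are not part of a longer digit run.
# 13-19 is the general PAN length range; PoSeidon narrows further (below).
_DIGIT_RUN = re.compile(rb"(?<![0-9])[0-9]{13,19}(?![0-9])")


def luhn_ok(digits: str) -> bool:
    """Luhn (mod 10) checksum: the filter scrapers use to drop digit runs
    that merely look like card numbers (order IDs, serials, timestamps)."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = ord(ch) - ord("0")
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def looks_like_pan(digits: str) -> bool:
    """Length/prefix filter in the spirit of PoSeidon's: 15 digits beginning
    with 3 (American Express) or 16 digits beginning with 4, 5 or 6
    (Visa, Mastercard, Discover). Widen this when auditing other card types."""
    if len(digits) == 15:
        return digits[0] == "3"
    if len(digits) == 16:
        return digits[0] in "456"
    return False


def scan_for_pans(buf: bytes) -> list[tuple[int, str]]:
    """Return (offset, PAN) for every prefix-plausible, Luhn-valid number in buf."""
    hits = []
    for m in _DIGIT_RUN.finditer(buf):
        run = m.group().decode("ascii")
        if looks_like_pan(run) and luhn_ok(run):
            hits.append((m.start(), run))
    return hits


def mask_pan(pan: str) -> str:
    """Report hits without writing full PANs to logs: keep BIN and last four."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


# Constructed stand-in for a PoS application's memory with card data held
# in plaintext. The order number passes the prefix filter but fails Luhn;
# the three PANs are standard test numbers that pass both.
PLAINTEXT_RECORD = (
    b"TXN 20150320 143201 LANE=07 AMT=4295 "
    b"ORDER=4000123456789012 "
    b"PAN=4111111111111111 EXP=0918 "
    b"PAN=5500000000000004 EXP=1117 "
    b"PAN=340000000000009 EXP=0420 "
)

# The same transaction when the reader encrypts card data before handing it
# to the host (end-to-end / point-to-point encryption): the host holds only
# ciphertext, here a constructed opaque blob, so there is nothing to scrape.
CIPHERTEXT_RECORD = (
    b"TXN 20150320 143201 LANE=07 AMT=4295 ENC_PAN="
    b"\x8f\x1a\xb2\x7c\xe4\xd9\xa0\x5b\xff\x6e\xc1\x0d\x9a\x4e\x7f"
    b"\x83\xb9\x2c\xe7\x41\x05\xde\xad\xbe\xef\x60\x2e\xc8\x91\x77"
    b" ENC_EXP=\xa5\xc3\x7e\x1b"
)


if __name__ == "__main__":
    for name, buf in (("plaintext host", PLAINTEXT_RECORD),
                      ("encrypting reader", CIPHERTEXT_RECORD)):
        hits = scan_for_pans(buf)
        print(f"{name}: {len(hits)} card number(s) found")
        for offset, pan in hits:
            print(f"  offset {offset}: {mask_pan(pan)}")
```

Run against a memory dump of your own PoS process instead of the constructed buffers (read the dump file in binary and pass it to scan_for_pans); any hit means the host is exposed to exactly the scraping PoSeidon performs, and the fix is encryption in the reader rather than a better filter on the host.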

Samsung recently teamed with Trustonic to bring hardware-based Trusted Execution Environments (TEEs) to mobile in the Galaxy S6, while the prpl Foundation recently formed its Security PEG (prpl Engineering Group), with members including Broadcom, Lantiq, Imagination, and Qualcomm, to create an open framework design for next-generation security software and hardware.

While both of these announcements are great milestones in the quest for true end-to-end protection in the software and hardware stack, the adoption of end-to-end protection is needed most in the retail segment, where these malicious attacks are most profitable for cybercriminals.

"Attackers will continue to target PoS systems and employ various obfuscation techniques in an attempt to avoid detection," warned the CSS. "As long as PoS attacks continue to provide returns, attackers will continue to invest in innovation and development of new malware families."