Petronella Blog Archive


POSeidon Malware and the Current State of Credit Card Theft


Hackers have shifted their focus from big retailers like Target and Home Depot to point-of-sale (POS) software, which gives them a far wider range of smaller targets and frustrates the efforts of the investigators who try to get to the bottom of security breaches.

One method banks use to determine where a breach occurred is common point-of-purchase (CPP) analysis: they take the cards that have experienced fraud and look for a merchant they all have in common. This method has proven very useful and has helped get to the bottom of some of the larger card thefts in recent years.

The thieves' new approach, however, is to sell card data stolen from a wide variety of sources: restaurants, bars, hotels. That removes the commonality of a single breached merchant and shifts the focus to the POS devices themselves as the new commonality. This is much harder to investigate because banks have no relationship with the scattered restaurants and bars, much less with the POS companies.

Frustrating matters further, POS vendors rely on local IT companies to install and support their systems. Those IT firms often install remote-access software such as LogMeIn and set passwords that are easy for their customers to remember, which also makes them easy for an attacker to guess. Once an attacker has access to the machine, they can install malware like POSeidon, which scrapes card data from the memory of the POS process as each card is swiped, capturing everything that passes through the POS. This and similar attacks have been implicated in the hacks of the Nextep and Bevo POS solutions.

What can be done about this? One solution that has been floated is point-to-point encryption (P2PE), where card data is encrypted inside the card reader and stays encrypted across the local network and the POS itself, so everything the malware can capture is ciphertext. The problem is that the setup and ongoing costs are higher, and many small businesses, such as the restaurants, bars and hotels that are increasingly the victims of POSeidon and similar malware, have little incentive to take on the added expense.
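To make the memory-scraping mechanism and the P2PE argument concrete, here is an added example (not code from the original post, and not POSeidon's own code) that does what a POS scraper, or a defender scanning a memory dump, does: it searches a buffer for ISO 7813 track 1 and track 2 records and keeps only those whose PAN passes the Luhn check. It then runs the same scan over an encrypted copy of the buffer. The sample memory region, the test PANs and the key are constructed for the example; the "encryption" is a SHA-256 counter-mode stream cipher standing in for a real P2PE reader, which would use hardware-held keys and a proper block cipher, not this construction.

```python
"""Track-data scanner: the pattern a POS memory scraper (and a defender
scanning a memory dump) looks for, plus a toy demonstration of why
point-to-point encryption starves it of plaintext."""
import hashlib
import re

# ISO 7813 track layouts as they sit in a POS process's memory:
#   Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary>?
#   Track 2: ;<PAN>=<YYMM><service code><discretionary>?
TRACK1_RE = re.compile(rb"%B(\d{13,19})\^([^^?]{2,26})\^(\d{4})(\d{3})([^?]*)\?")
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})(\d*)\?")


def luhn_ok(pan: bytes) -> bool:
    """Luhn check-digit test; scrapers use it to discard false positives."""
    total = 0
    for i, ch in enumerate(reversed(pan)):   # iterating bytes yields ints
        d = ch - 48                          # ASCII digit to integer
        if i % 2 == 1:                       # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def find_track_data(buf: bytes) -> list:
    """Return Luhn-valid track 1/2 records found anywhere in buf."""
    hits = []
    for m in TRACK1_RE.finditer(buf):
        if luhn_ok(m.group(1)):
            hits.append({"track": 1, "pan": m.group(1).decode(),
                         "expiry": m.group(3).decode(), "offset": m.start()})
    for m in TRACK2_RE.finditer(buf):
        if luhn_ok(m.group(1)):
            hits.append({"track": 2, "pan": m.group(1).decode(),
                         "expiry": m.group(2).decode(), "offset": m.start()})
    return hits


def toy_stream_encrypt(key: bytes, data: bytes) -> bytes:
    """Stand-in for P2PE (illustrative only, not a real P2PE scheme):
    SHA-256 in counter mode as a keystream, XORed over the data.
    A real P2PE reader encrypts with hardware-held keys and a proper
    block cipher before the data ever reaches the POS software."""
    keystream = b"".join(
        hashlib.sha256(key + i.to_bytes(8, "big")).digest()
        for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, keystream))


# Constructed sample: a fake process-memory region holding two swiped
# cards (industry test PANs 4111... and 5500..., both Luhn-valid) and a
# decoy with a bad check digit. Nothing here is real card data.
SAMPLE_MEMORY = (
    b"\x00\x00pos.exe\x00GET /status HTTP/1.1\r\n\x00\x00\x00"
    b"%B4111111111111111^DOE/JOHN^25121011000000000000?"
    b"\x00\x00\x00junk\x00;5500000000000004=2512101123456789?"
    b"\x00\x00;4111111111111112=2512101?\x00\x00"
)


def demo() -> tuple:
    """Scan the sample plaintext and then its encrypted form."""
    plaintext_hits = find_track_data(SAMPLE_MEMORY)
    encrypted_hits = find_track_data(
        toy_stream_encrypt(b"example-p2pe-session-key", SAMPLE_MEMORY))
    return plaintext_hits, encrypted_hits


if __name__ == "__main__":
    clear, enc = demo()
    for h in clear:
        print(f"track {h['track']} at offset {h['offset']}: "
              f"PAN {h['pan']} exp {h['expiry']}")
    print(f"hits in P2PE-style ciphertext: {len(enc)}")
```

Run against the plaintext region the scanner recovers both cards and rejects the decoy; run against the encrypted copy it recovers nothing, which is the whole point of P2PE: the malware can still read the memory, but a scraper keyed on track-data patterns has nothing to find. The same regex-plus-Luhn logic is also a cheap way to check whether a suspected POS host has cleartext card data sitting in memory or on disk.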