Research from IntelCrawler reveals electronic kiosks and ticketing systems, typically for public transport systems, are being targeted by the “d4re|dev1|” malware.
This advanced backdoor malware provides remote administration capabilities, RAM scraping and keylogging features designed to infect a ticketing network and steal payment card data.
One of the findings from the research is that ticketing terminals are sometimes used inappropriately by staff, for example for general web surfing, e-mail and social network interaction. This provides multiple opportunities for either unintended or intentional infection of the ticketing terminal.
"These cases have a common denominator of weak passwords and logins, many of which were found in large 3rd party credential exposures"
Standard PCI DSS security best practice is to limit device functionality to its minimum, so browser software should be disabled or removed if not required, and firewalling should be used to restrict web access for any POS systems unless it is necessary. Similarly, POS file integrity monitoring should be used to maintain system integrity and detect malware activity.
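As an added illustration of the file integrity monitoring control mentioned above (example code written for this page, not from IntelCrawler or any FIM product), the script below baselines SHA-256 digests of every file under a monitored directory and later diffs the live tree against that baseline, reporting added, removed and modified files. The directory layout, file names and contents in `demo()` are constructed for the demonstration; in a real deployment the monitored paths would be the terminal's application and system directories and the baseline would be stored where the terminal itself cannot rewrite it.

```python
"""
Minimal file integrity monitoring (FIM) baseline-and-compare routine.

Added example: builds a baseline of SHA-256 digests for the files under a
monitored directory, then diffs the live tree against that baseline. All
paths and file contents in demo() are constructed, not taken from a real
ticketing system.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large binaries do not need to fit in memory."""
    h = hashlib.sha256()
    with path.open("rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(root: Path) -> dict:
    """Map each file's path (relative to root) to its digest and size."""
    baseline = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            rel = p.relative_to(root).as_posix()
            baseline[rel] = {"sha256": sha256_file(p), "size": p.stat().st_size}
    return baseline


def compare(baseline: dict, current: dict) -> dict:
    """Return added, removed and modified relative paths, each sorted."""
    base_keys, cur_keys = set(baseline), set(current)
    modified = sorted(
        k for k in base_keys & cur_keys
        if baseline[k]["sha256"] != current[k]["sha256"]
    )
    return {
        "added": sorted(cur_keys - base_keys),
        "removed": sorted(base_keys - cur_keys),
        "modified": modified,
    }


def save_baseline(baseline: dict, dest: Path) -> None:
    # Store the baseline off-host or on read-only media in production;
    # a baseline the compromised terminal can rewrite proves nothing.
    dest.write_text(json.dumps(baseline, indent=2, sort_keys=True))


def load_baseline(src: Path) -> dict:
    return json.loads(src.read_text())


def demo() -> dict:
    """Constructed scenario: baseline a fake terminal app directory, then alter it."""
    with tempfile.TemporaryDirectory() as tmp:
        app = Path(tmp) / "ticketing_app"          # constructed path
        (app / "bin").mkdir(parents=True)
        (app / "bin" / "ticketing.exe").write_bytes(b"legitimate binary (constructed)")
        (app / "config.ini").write_text("[payment]\nterminal_id=DEMO\n")

        baseline_path = Path(tmp) / "baseline.json"
        save_baseline(build_baseline(app), baseline_path)

        # Simulated post-baseline changes: an unknown dropped binary,
        # a modified executable and a deleted configuration file.
        (app / "bin" / "unknown_update.exe").write_bytes(b"unknown binary (constructed)")
        (app / "bin" / "ticketing.exe").write_bytes(b"legitimate binary (constructed) + changed bytes")
        (app / "config.ini").unlink()

        return compare(load_baseline(baseline_path), build_baseline(app))


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running the script prints the three change lists; on a terminal fleet the same `compare()` output would be shipped to central logging so that an unexpected binary in the application directory raises an alert rather than sitting unnoticed.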