Despite recent requirements of the Payment Card Industry Data Security Standard (PCI DSS) and enhancements in security technologies, there are still gaps in the overall security of Point-of-Sale (POS) systems.

According to Trustwave, the most recent POS malware, called ‘Cherry Picker’, has gone largely undetected by security providers and antivirus tools alike due to the sophisticated methods it uses to hide and remain unnoticed.

The malware uses a new technique for scraping credit card data from the memory of the POS system it infects. Cherry Picker’s use of encryption, configuration files, command line arguments, and obfuscation has helped the malware remain undetected since it was first spotted in 2011.

POS malware attacks have proved very successful for cyber criminals, and only since massive breaches like those at Home Depot and Target have researchers started to understand what these attacks are capable of.

A report by Symantec notes that while many companies do encrypt credit card data on its way to the payment processor and in transit within their networks, they don’t do the same with memory-resident data on the POS systems. By introducing point-to-point encryption and the new EMV payment systems, companies can help alleviate this vulnerability.

As malware writers begin to use more sophisticated approaches to stealing credit card credentials, it is important that organizations take this threat seriously and understand that vulnerabilities in their POS systems make them an easy target for cyber criminals.

Breaches like those at Target and Home Depot could have been mitigated by taking some fairly easy steps. Implementing a hardened build standard with Precision Change Detection, coupled with breach detection technology, will ensure that, even if a breach is successful, you’ll at least be alerted to the fact immediately and be in a position to take action to prevent any card data loss.

Remember - Target lost credentials affecting over 70 million people in nearly two and a half weeks, so where a breach can’t be prevented, the speed of detection is crucial.

POS terminals have been proven to be easy targets for criminals and are simply too sensitive to leave without defense measures in place. When will you take action?


Read the article on Dark Reading

Copyright 2024, New Net Technologies LLC. All rights reserved. 