Point of Sales systems hacking – new cybercriminal organisations recently shut down expanded to target smaller companies in USA, Russia, Canada and Australia.
The new malicious software dubbed “Chewbacca” designed to steal credit card information from retaillers has recently been shut down by authorities. The command and control server shut down by the FBI had collected around 49,000 payment card details in 11 countries from details of some 24 million card transactions.
This was a more sophisticated attack than the usual skimming operation where actual Point of Sale Terminals had been infected with the malware and as a result were sending details of transactions back to a central command and control server.
The public is urged to keep close tabs on bank accounts and immediately report any suspicious activity or simply ask to have all existing cards reissued while retailers are advised to contact their Point of Sale supplier or bank to ensure that their retail systems are secured from this kind of breach.
This method of attack known as “Memory Scraping” has escalated due to the effectiveness and the fact that POS systems present a large attack surface or target with low risk and high volume payoff.
Hopefully we may see retaillers and banks take a more cautious approach to securing internet connected point of sale systems.