DMSniff Malware Targets Small and Medium Sized Business POS Systems

Resellers beware. There is a new cyber security threat lurking called DMSniff. The malware targets small and medium sized business point-of-sale systems, specifically in the food, hospitality, and entertainment industry. The goal is to steal credit card information that fetches top dollar on dark net marketplaces.

According to recent research from Symantec, “Threat actors are advertising access to POS systems at prices ranging from $12 for administrative access to one POS machine to $60,000 for access to a large corporate network containing thousands of POS servers and terminals. Meanwhile, depending on its quality, payment card data on the dark web retails for between $1 and $175 per card.”

How It Works

Although instances of DMSniff malware are now popping up across the country, the malware is believed to have started in 2016. Flying under the radar over the last three years, here is how it works. It uses a process called DGA or a “domain generation algorithm”, which generates a large number of domain names or even combined words from a dictionary to create domain names.

According to a team of security researchers from Flashpoint, “DMSniff could be gaining an initial foothold on devices either by using brute-force attacks against SSH connections or by scanning for vulnerabilities and exploiting those.”

By doing this, the cyber criminals can make it hard on law enforcement officials, tech companies, or hosting providers to take down the domains, mimic commands of the malware, and shut down possible botnets. With law enforcement and cyber security experts unable to mimic these commands, the malware is able to continue to communicate with the point-of-sale system, and communicate stolen data. The data is scraped off of the magnetic stripes of the credit card as it passes through the terminal, before it is encrypted, and the payment is processed.

“Each time it finds an interesting process, it will loop through the memory sections to attempt to find a credit card number.” the Flashpoint analysis went on to say. “Once a number is found, the bot will take the card data and some of the surrounding memory, package it, and send it to the command and control communications (C2).”

Despite the use of EMV cards, the threat of cyber-attacks are still real across businesses of all sizes and in all verticals. Just last month, casual dining and fast food restaurant chain Huddle House announced a security breach that impacted its point-of-sale system.

“The malware was designed to collect certain payment card information from the magnetic stripe, including cardholder name, credit/debit card number, expiration date, cardholder verification value, and service code,” they said in a statement.

Last year’s Verizon Data Breach Investigation Report stated, “Point-of-sale systems were the second most targeted network behind only database servers.”

Be Prepared

No matter the size of your merchant’s business, the best thing they can do is be prepared. Cyber criminals are always trying to up their game and come up with the latest form of malware or threats. A study by Accenture states, “Malware and web-based attacks are the two most costly attack types with companies spending an average of $2.4 million in defense.” Here are several items for your merchants to keep in mind when it comes to combatting cyber security.

• Plan ahead
• Eliminate blind spots
• Know your points of contact
• Find out your liability coverage
• Vet third parties
• Institute a dedicated response team
• Engage outside vendors
• Understand legal requirements
• Reduce security weakness with layers of tokenization and encryption

Data breach preparedness can be complex. If your merchants are not prepared, the result of a data breach could be catastrophic. Small Business Trends states, “43 percent of cyber-attacks are aimed at small businesses.” Advise your merchants now to prepare for a data breach. Understanding best practice solutions can help them reduce the risk of such a breach and ensure they are prepared in the event that one does occur.

Check out our January edition of the Reseller Edge newsletter where we discussed the importance of security with topics on PCI Compliance, an overview of data breaches and how they occur, and how to secure your POS system. In February we explored cyber security even more in-depth and how to save your merchants from data breaches.