{"id":4185,"date":"2019-04-08T08:00:51","date_gmt":"2019-04-08T08:00:51","guid":{"rendered":"https:\/\/evoipos.com\/?p=4185"},"modified":"2021-12-16T13:41:01","modified_gmt":"2021-12-16T18:41:01","slug":"dmsniff-malware-targets-small-and-medium-sized-business-pos-systems","status":"publish","type":"post","link":"https:\/\/www.evopayments.us\/staging\/dmsniff-malware-targets-small-and-medium-sized-business-pos-systems\/","title":{"rendered":"DMSniff Malware Targets Small and Medium Sized Business POS Systems"},"content":{"rendered":"
\n
\n

Resellers beware. There is a new cyber security threat lurking called DMSniff. The malware targets small and medium sized business point-of-sale systems, specifically in the food, hospitality, and entertainment industry. The goal is to steal credit card information that fetches top dollar on dark net marketplaces.<\/p>\n

According to recent research from Symantec, \u201cThreat actors are advertising access to POS systems at prices ranging from $12 for administrative access to one POS machine to $60,000 for access to a large corporate network containing thousands of POS servers and terminals. Meanwhile, depending on its quality, payment card data on the dark web retails for between $1 and $175 per card.\u201d<\/p>\n

How It Works<\/b><\/h2>\n

Although instances of DMSniff malware are now popping up across the country, the malware is believed to have started in 2016. Flying under the radar over the last three years, here is how it works. It uses a process called DGA or a \u201cdomain generation algorithm\u201d, which generates a large number of domain names or even combined words from a dictionary to create domain names.<\/p>\n

According to a team of security researchers from Flashpoint, \u201cDMSniff could be gaining an initial foothold on devices either by using brute-force attacks against SSH connections or by scanning for vulnerabilities and exploiting those.”<\/p>\n

By doing this, the cyber criminals can make it hard on law enforcement officials, tech companies, or hosting providers to take down the domains, mimic commands of the malware, and shut down possible botnets. With law enforcement and cyber security experts unable to mimic these commands, the malware is able to continue to communicate with the point-of-sale system, and communicate stolen data. The data is scraped off of the magnetic stripes of the credit card as it passes through the terminal, before it is encrypted, and the payment is processed.<\/p>\n

\u201cEach time it finds an interesting process, it will loop through the memory sections to attempt to find a credit card number.\u201d the Flashpoint analysis went on to say. \u201cOnce a number is found, the bot will take the card data and some of the surrounding memory, package it, and send it to the command and control communications (C2).\u201d<\/p>\n

Despite the use of EMV cards, the threat of cyber-attacks are still real across businesses of all sizes and in all verticals. Just last month, casual dining and fast food restaurant chain Huddle House announced a security breach that impacted its point-of-sale system.<\/p>\n

\u201cThe malware was designed to collect certain payment card information from the magnetic stripe, including cardholder name, credit\/debit card number, expiration date, cardholder verification value, and service code,\u201d they said in a statement.<\/p>\n

Last year\u2019s Verizon Data Breach Investigation Report stated, \u201cPoint-of-sale systems were the second most targeted network behind only database servers.\u201d<\/p>\n

Be Prepared<\/b><\/h3>\n

No matter the size of your merchant\u2019s business, the best thing they can do is be prepared. Cyber criminals are always trying to up their game and come up with the latest form of malware or threats. A study by Accenture states, \u201cMalware and web-based attacks are the two most costly attack types with companies spending an average of $2.4 million in defense.\u201d Here are several items for your merchants to keep in mind when it comes to combatting cyber security.<\/p>\n