
POS Malware - A Long-Term Mitigation Solution | Optiv

January 20, 2014

It has been reported that the KAPTOXA operation responsible for recent breaches of two major retailers – and potentially more – utilized a variant of BlackPOS malware that some have named Trojan.POSRAM. The malware, installed on point-of-sale registers, collects enough data after the card is swiped to allow the attacker to make fraudulent transactions.

There are many other variants of malware out there that have the same capabilities. And retail POS registers and back-office systems – generally running variants of Windows – are common targets for attackers.

So what is a retailer to do? What long-term strategy should a merchant consider?

Consider looking at the “point of capture”/terminal/POS itself. This can be the best place to start your security initiatives. The terminal is a security-hardened device, and most current models are able to support Point-to-Point Encryption (P2PE).

Hardware-based P2PE is encryption within the security confines of the terminal. Without it, card data is sent in the clear to the next system, leaving the information vulnerable as it goes over network or computer interfaces. However, with P2PE, credit card data is encrypted at the swipe and remains encrypted throughout the merchant’s environment until it reaches a third-party payment gateway or the acquirer.

Once the gateway or acquirer approves the credit card authorization request, a token is sent back to the merchant in response. This token is a stand-in for the actual credit card number and can be stored on the POS system. The token cannot be used to initiate transactions, so the value to an attacker is very low.
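To make the two preceding paragraphs concrete, here is an added simulation of the P2PE-plus-tokenization flow; it is illustrative code written for this post, not Optiv's or any vendor's implementation. The terminal encrypts the swipe inside its own boundary, the Windows register software only ever handles ciphertext and the returned token, and the gateway is the only party holding the key and the token vault. The terminal key, the test card number, and the "memory scan" are all constructed, and the cipher is a stand-in (HMAC-SHA256 as a counter-mode PRF with encrypt-then-MAC) for the AES/DUKPT schemes real terminals use, chosen so the example runs with the standard library alone.

```python
"""Added example: hardware P2PE + tokenization, and what a RAM scan of the POS host finds."""
import hashlib
import hmac
import json
import re
import secrets


def luhn_ok(digits: str) -> bool:
    """Standard Luhn check; used by the gateway and by the memory-scan check below."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def _keystream(key: bytes, nonce: bytes, n: int) -> bytes:
    # Stand-in PRF stream (constructed): HMAC-SHA256 over nonce||counter, not a real P2PE cipher.
    out, ctr = b"", 0
    while len(out) < n:
        out += hmac.new(key, nonce + ctr.to_bytes(4, "big"), hashlib.sha256).digest()
        ctr += 1
    return out[:n]


def terminal_encrypt(terminal_key: bytes, track_data: bytes) -> bytes:
    """Runs inside the terminal's secure boundary; only nonce||ciphertext||tag leaves it."""
    nonce = secrets.token_bytes(12)
    ct = bytes(a ^ b for a, b in zip(track_data, _keystream(terminal_key, nonce, len(track_data))))
    tag = hmac.new(terminal_key, nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag


def gateway_decrypt(terminal_key: bytes, blob: bytes) -> bytes:
    """Gateway side: verify the tag first, then recover the track data."""
    nonce, ct, tag = blob[:12], blob[12:-32], blob[-32:]
    expected = hmac.new(terminal_key, nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("ciphertext tampered or wrong terminal key")
    return bytes(a ^ b for a, b in zip(ct, _keystream(terminal_key, nonce, len(ct))))


class Gateway:
    """Third-party payment gateway: holds the terminal key and the token vault."""

    def __init__(self, terminal_key: bytes) -> None:
        self.key = terminal_key
        self.vault: dict[str, str] = {}  # token -> PAN, never leaves the gateway

    def authorize(self, blob: bytes, amount_cents: int) -> dict:
        track = json.loads(gateway_decrypt(self.key, blob))
        pan = track["pan"]
        if not luhn_ok(pan):
            return {"approved": False}
        token = "tok_" + secrets.token_hex(8)  # random stand-in; carries no PAN information
        self.vault[token] = pan
        return {"approved": True, "token": token, "last4": pan[-4:]}


class POSHost:
    """The register's Windows-side software; under P2PE it never sees plaintext card data."""

    def __init__(self, gateway: Gateway) -> None:
        self.gateway = gateway
        self.memory: list[bytes] = []  # constructed stand-in for everything this process held
        self.receipts: list[dict] = []

    def sale(self, encrypted_blob: bytes, amount_cents: int) -> dict:
        self.memory.append(encrypted_blob)
        resp = self.gateway.authorize(encrypted_blob, amount_cents)
        self.memory.append(json.dumps(resp).encode())
        if resp["approved"]:
            self.receipts.append({"token": resp["token"], "amount": amount_cents})
        return resp


PAN_RE = re.compile(rb"(?<!\d)(\d{13,19})(?!\d)")


def scrape_for_pans(memory_chunks: list[bytes]) -> set[str]:
    """Verification check: the Luhn-validated digit-run search a memory scraper relies on."""
    found = set()
    for chunk in memory_chunks:
        for m in PAN_RE.finditer(chunk):
            candidate = m.group(1).decode()
            if luhn_ok(candidate):
                found.add(candidate)
    return found


def run_demo() -> dict:
    key = secrets.token_bytes(32)  # constructed; real terminals receive keys at key-loading
    pos = POSHost(Gateway(key))
    swipe = json.dumps({"pan": "4111111111111111", "exp": "1226"}).encode()  # constructed test PAN
    resp = pos.sale(terminal_encrypt(key, swipe), 1999)
    return {
        "resp": resp,
        "receipts": pos.receipts,
        "found_with_p2pe": scrape_for_pans(pos.memory),  # ciphertext + token only
        "found_without_p2pe": scrape_for_pans([swipe]),  # the same scan over a clear-text swipe
    }


if __name__ == "__main__":
    print(json.dumps({k: (sorted(v) if isinstance(v, set) else v) for k, v in run_demo().items()}, indent=2))
```

The contrast is the point: the same Luhn-validated scan that finds the card number in a clear-text swipe finds nothing in what the P2PE register held, and the stored receipt carries only a token that the gateway's vault, not the POS, can map back to a card.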

P2PE is relatively new to the marketplace but has recently been gaining more adoption given the public breaches over the last few years. P2PE does require a significant investment because all of the payment terminals must be updated; however, it is one of the few solutions out there that renders the data an attacker may obtain pretty much useless.
