
Chip and PIN protections may fall short as future threats materialize

The protections that chip and PIN payment card solutions offer may fall short as cybercriminals begin installing malware on EMV-capable payment devices and controlling it through the card reader itself, a new report warns.

Cybercriminals could begin repurposing ATM EMV malware to attack retail environments by infecting point-of-sale (POS) machines (possibly via malicious USB drives) and then introducing an altered EMV chip to the POS terminal, researchers from Booz Allen Hamilton said in the company's 2019 Cyber Threat Outlook report.

The attack can be traced back to the Skimmer and Ripper malware families, which use a malicious EMV chip to authenticate and grant access to hidden menus within ATMs already infected with the malware. Criminals may also look to exploit the EMV protocol, since embedded systems tend to allow elevated trust when interacting at the hardware level.

“Looking further to the future, criminals may exploit NFC applications in the same ways that we think they will abuse EMV technology,” researchers also said in the report. “Instead of interacting with malware via EMV chips, criminals might identify new ways to use NFC-ready devices as consumers increasingly present their mobile phones to authorize transactions.”

To mitigate these threats, the researchers recommend that organizations restrict logical and physical access to POS machines to authorized users and disable access methods such as USB where possible. They should also increase file-system-level monitoring on EMV-enabled POS machines so that alerts fire when files are accessed outside normal operations.
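The file-system monitoring the report recommends needs a definition of "normal operations" to compare against. The following Python is an added example written for this article, not code from Booz Allen Hamilton or the report: it applies a constructed baseline (expected processes, expected paths, store hours, removable-media paths) to a constructed log of file events and returns the events that deviate, including the USB-borne infection path the report describes. The log format, process names and paths are all assumptions.

```python
"""Added example: flag file activity on an EMV-enabled POS terminal that falls
outside normal operations. Illustrative code written for this article, not from
Booz Allen Hamilton; the log format, baseline and sample events are constructed."""
from dataclasses import dataclass
from datetime import datetime

# Constructed baseline of what the terminal does during normal operations.
# In production this is learned from a known-good terminal, not hard-coded.
EXPECTED_PROCESSES = {"posapp", "emvkernel"}
EXPECTED_PATH_PREFIXES = ("/opt/pos/", "/var/log/pos/")
STORE_HOURS = (8, 22)            # local time, half-open interval [8, 22)
REMOVABLE_MEDIA_PREFIXES = ("/dev/sd", "/media/", "/mnt/usb")  # USB mass storage


@dataclass(frozen=True)
class FileEvent:
    ts: datetime
    process: str   # process name that performed the access
    op: str        # "open", "write", "exec" or "mount"
    path: str


def parse_event(line: str) -> FileEvent:
    """Parse one constructed log line of the form '<iso-ts> <process> <op> <path>'."""
    ts, process, op, path = line.split(maxsplit=3)
    return FileEvent(datetime.fromisoformat(ts), process, op, path)


def classify(ev: FileEvent) -> list[str]:
    """Return every reason an event deviates from the baseline; [] means normal."""
    reasons = []
    if ev.process not in EXPECTED_PROCESSES:
        reasons.append("unexpected process")
    if not ev.path.startswith(EXPECTED_PATH_PREFIXES):
        reasons.append("path outside baseline")
    if ev.op == "mount" or ev.path.startswith(REMOVABLE_MEDIA_PREFIXES):
        reasons.append("removable media activity")
    if (ev.op in ("write", "exec") and ev.path.startswith("/opt/pos/bin/")
            and ev.process not in EXPECTED_PROCESSES):
        reasons.append("POS binaries modified or run by a foreign process")
    if not STORE_HOURS[0] <= ev.ts.hour < STORE_HOURS[1]:
        reasons.append("outside store hours")
    return reasons


def detect(log_text: str) -> list[tuple[str, list[str]]]:
    """Run classify() over a log and return only the flagged (line, reasons) pairs."""
    alerts = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        reasons = classify(parse_event(line))
        if reasons:
            alerts.append((line, reasons))
    return alerts


# Constructed sample: two normal transactions, then a 02:41 USB-borne "update"
# that overwrites the POS binary, then a daytime mount of a new block device.
SAMPLE_LOG = """\
2019-03-04T10:15:02 posapp open /opt/pos/config/terminal.cfg
2019-03-04T10:15:03 emvkernel write /var/log/pos/txn.log
2019-03-04T02:41:10 bash exec /media/usb0/update.bin
2019-03-04T02:41:15 bash write /opt/pos/bin/posapp
2019-03-04T11:02:00 sh mount /dev/sdb1
"""

if __name__ == "__main__":
    for line, reasons in detect(SAMPLE_LOG):
        print(f"ALERT {line}\n      {', '.join(reasons)}")
```

In a real deployment the events would come from an audit subsystem (for example auditd or inotify on Linux terminals) rather than a text blob, and the baseline would be generated from an observed known-good terminal; the classification logic stays the same. Note that the daytime mount in the sample is still flagged on three counts, so a check that relied on time of day alone would miss it.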

The report also found that IoT devices may broaden the scope of state-sponsored espionage operations, and prove to be an even more valuable and vulnerable target. According to the report, 15 percent of IoT device owners don't change their device’s default passwords and nearly 10 percent of IoT devices use one of the same five passwords for administrative access.

Users should always change default passwords and close all unnecessary open ports on existing IoT devices on their network. In addition, they should establish a process to inventory, identify, scan and secure new devices as they are integrated into the environment, and include IoT and networking devices in their firm's vulnerability management program.

Booz Allen Hamilton also predicts threat actors will seek to weaponize adware networks with new techniques developed to improve their ability to persist on a host and infect more machines.

Other predictions in the report include:

  • Deepfakes in the wild could spark information warfare as AI generated video improves.
  • The wireless attack surface will grow as more devices become connected.
  • Threat actors will increasingly target utilities companies such as water facilities in attacks targeting critical infrastructure.
