Arbor Networks researchers spotted the Flokibot malware family targeting Point of Sale infrastructure in Brazil and other countries.
The malware is a Zeus-based banking trojan variant developed from the leaked Zeus 126.96.36.199 source code.
While the majority of malware compromises have been in Brazil, attacks have also been spotted in Australia, the U.S., Paraguay, Croatia, the Dominican Republic and Argentina, according to a Jan. 30 blog post.
In one of the compromises, researchers suspect the cybercriminals were involved in the creation of phony credit cards. Researchers were also able to link the Kronos banking trojan to Flokibot campaigns by examining C2 servers.
To prevent compromises, researchers recommend users watch out for common tactics, including scanning for remotely accessible administrative servers, weak or default credentials, spearphishing attacks, and malware posing as updates. Users should also be on the lookout for the compromise of vendors offering remote support to PoS or other software updates.
Vendors should adopt newer, more secure payment technologies like EMV chips, Symantec Security Response Manager Flora Liu told SC Media.
“Chip and Pin cards are much more difficult to clone, making them less attractive to attackers,” Liu said. “They should also implement the Payment Card Industry Data Security Standard (PCI DSS) to enhance data security.”
Liu said attackers typically infiltrate the corporate network first since POS terminals aren't typically connected to the internet but instead have some sort of connectivity to the corporate network.
Consumers should also do their part in ensuring the protection of their payment information.
“Consumers should avoid using payment card in less reputable stores or non-secure merchant sites; make sure to use a personal and secure computer for online purchases; be skeptical to anyone or emails asking for your payment card information; subscribe to bank transaction alerts to help identify unauthorized transactions,” Liu said.
NuData Security Engineer Don Duncan emphasized the importance of firms adopting EMV chip technology.
“There is no doubt that the shift to EMV is causing fraudsters to adapt their methods by turning to card-not-present fraud,” Duncan said. “This was the trend seen in Europe when they made the change a few years ago. The fraudsters will continue to shift their sights on untapped vulnerabilities as we shift our defenses.”