FireEye researchers have identified a new malware threat targeting POS terminals. The malware arrives in an email inbox with what looks like a resume attached but it actually scans the system, looking for customer data.
Comment from Ken Simpson, CEO at MailChannels :
“We received a sample of this malware to one of our company’s email aliases – the resume attachment – and had a chance to review how it works. What makes this phishing attack particularly concerning is the skill with which the attackers have engineered their malware to infiltrate a very particular Windows-based point of sale system. POS attacks have been going on for years, but the infection vector has historically been a compromise of the POS device on-premise — not an Internet-wide phishing attack. We are watching with interest to see if more attacks start targeting other systems that collect consumer data from small businesses. This attack highlights the importance of email security to businesses of all sizes, as well as the importance of maintaining good security on any devices and systems that collect consumer data.”
By Ken Simpson, CEO MailChannels
Bio : Ken Simpson, founder and CEO of MailChannels Corporation. Ken first experienced the excitement and magic of software when his father brought home one of the first IBM PCs in 1980, teaching him how to write simple programs in BASIC. Since then, he has combined his passion for software with entrepreneurism, founding or participating as an early-stage employee in four successful startups in a broad range of technical areas including Voice-over-IP, Wireless Internet, and of course anti-spam. Ken has a First Class Honors degree in Computer Engineering from Simon Fraser University and Santa Clara University. At the Messaging Anti-Abuse Working Group (MAAWG), Ken splits his time running the botnet and web abuse sub-committees, as well as assisting in the work of the outbound abuse sub-committee.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.