Several news outlets have reported over the last few days on a new Point of Sale malware targeting North America – MajikPoS. IT security experts from Lastline and NuData Security commented below.
Brian Laing, VP of Business Development and Products at Lastline:
“Many of the techniques — such as the use of evasion and command & control — used by POS malware authors are common across classes of malware. MajikPOS appears to target workstations at corporate locations that are processing POS data. Security systems that conduct deep behavioral analysis on malware to understand all of the behaviors it is designed to carry out, and that monitor network traffic for unusual or anomalous activity could have detected the software downloads, lateral movement, and attempted data exfiltration. With the right technology, MajikPOS, just like all other malware, can be detected before the damage is done. Each time there is a breach like this where public samples are available, companies need to verify that their advanced malware protection is capable of detecting the new threat.”
Robert Capps, VP of Business Development at NuData Security:
“Stolen credentials are the currency of the black market, and this is one way to get them. Malware, RATs, hacks, or breaches – no matter what form the attack takes, it’s almost always about getting useful, valid consumer data for future crimes. MajikPOS is the latest of more complex and sophisticated attacks that are targeting specific credit card information. Consumers have little protection against these types of attacks because they target retailer point of sale systems.
“Given the ubiquity of consumer data available to online crooks, merchants can no longer assume that it is the true user when valid credentials are presented. The onus is on the service providers and merchants to ensure that they are using adequate security at the infection point but also using controls and multi-layered solutions to truly identify the legitimate user at consumer touchpoints to negate the potential impacts when stolen data is used to transact.”
Most Commented Posts
2020 Cybersecurity Landscape: 100+ Experts’ Predictions
Cyber Security Predictions 2021: Experts’ Responses
Experts’ Responses: Cyber Security Predictions 2023
Data Privacy Protection Day (Thursday 28th) – Experts Comments
Experts Insight On US Pipeline Shut After Cyberattack
Most Active Commenters
Recent Comments
“Cybersecurity Awareness Month’s new evergreen theme "Secure Our World” is…
“Avoid storing data on personal devices: A crucial but often overlooked…
“I recommend a new nuance to passwords that isn’t often…
“In my role overseeing cloud environments and incident response, I'm…
“Cybersecurity Awareness Month serves as a reminder to confront the…