Several news outlets have reported over the last few days on new point-of-sale (POS) malware targeting North America – MajikPOS. IT security experts from Lastline and NuData Security comment below.
Brian Laing, VP of Business Development and Products at Lastline:
“Many of the techniques — such as the use of evasion and command & control — used by POS malware authors are common across classes of malware. MajikPOS appears to target workstations at corporate locations that are processing POS data. Security systems that conduct deep behavioral analysis on malware to understand all of the behaviors it is designed to carry out, and that monitor network traffic for unusual or anomalous activity, could have detected the software downloads, lateral movement, and attempted data exfiltration. With the right technology, MajikPOS, just like all other malware, can be detected before the damage is done. Each time there is a breach like this where public samples are available, companies need to verify that their advanced malware protection is capable of detecting the new threat.”
Robert Capps, VP of Business Development at NuData Security:
“Stolen credentials are the currency of the black market, and this is one way to get them. Malware, RATs, hacks, or breaches – no matter what form the attack takes, it’s almost always about getting useful, valid consumer data for future crimes. MajikPOS is the latest of more complex and sophisticated attacks that are targeting specific credit card information. Consumers have little protection against these types of attacks because they target retailer point of sale systems.
“Given the ubiquity of consumer data available to online crooks, merchants can no longer assume that it is the true user when valid credentials are presented. The onus is on the service providers and merchants to ensure that they are using adequate security at the infection point but also using controls and multi-layered solutions to truly identify the legitimate user at consumer touchpoints to negate the potential impacts when stolen data is used to transact.”