New PoS Malware Discovered Targeting The Hospitality And Entertainment Industry

By   ISBuzz Team
Writer , Information Security Buzz | Mar 15, 2019 03:45 am PST

Researchers have uncovered a new cybercrime campaign that is targeting restaurants, cinemas and other retailers in the entertainment and hospitality industries with point-of-sale (POS) malware, with the aim to steal credit card information from customers. Going by the name of DMSniff, the malware is thought to have originated in 2016 but has managed to keep a low profile since. The key targets of DMSniff are small- and medium-sized companies that rely heavily on card transactions, such as the food, hospitality and entertainment industries.   

What makes this malware unique is its ability to use a domain generation algorithm (DGA) to create command-and-control domains on the fly, helping it to resist takedowns and bypass simple blocking mechanisms. This is beneficial for the attackers because if domains are taken down by law enforcement or hosting providers, the malware can still communicate with the compromised POS device — and continue to transfer stolen data.  

Expert Comments Below:  

Javvad Malik, Security Advocate at AT&T Cybersecurity: 

Javvad Malik“Cybercriminals will often try to maximise their return on investment by going after mid-sized companies. Such companies usually have enough cash flowing through their systems to make the attack financially viable, and many times mid-sized companies do not invest enough incybersecurity controls either due to lack of budget or because it is not a priority. 

It is essential for small and mid-sized companies to look at the threats they face seriously and invest in the appropriate security controls to protect, detect, and recover from any attacks. Where capabilities are not available in-house, a third party such as an MSP can be engaged to fill the gap.”  



Notify of
0 Expert Comments
Inline Feedbacks
View all comments

Recent Posts

Would love your thoughts, please comment.x