Close
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Subscribe
Logo
  • Latest News
  • Artificial Intelligence
  • Video
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Subscribe
    Home Cybersecurity
    • Cybersecurity

    ‘Dexter’ Malware Caught Swiping Credit Card Numbers From POS Systems

    Written by

    Brian Prince
    Published December 13, 2012
    Share
    Facebook
    Twitter
    Linkedin

      eWEEK content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

      A new piece of malware is targeting point-of-sale (POS) systems at retailers, hotel chains and other businesses worldwide.

      According to Seculert, the malware—known as “Dexter”—has been used in hundreds of attacks during the past two to three months. The malware has hit systems in 40 different countries, with the largest percentage (42 percent) in North America and 19 percent in the United Kingdom.

      “Instead of going through the trouble of infecting tens of thousands of consumer PCs or physically installing a skimmer, an attacker can achieve the same results by targeting just a few POS systems with specially crafted malware,” blogged Seculert CTO Aviv Raff. “Dexter is one example of such malware.”

      Retailers and their POS systems are being targeted increasingly by attackers. In October, federal authorities announced they were investigating a massive fraud operation discovered at 63 Barnes & Noble stores across the United States where PIN pad devices were tampered with as part of a scheme to steal debit and credit card information. The investigation was launched after Barnes & Noble revealed that a PIN pad in each of the affected stores had been compromised. In response to the discovery, the chain discontinued use of all PIN pads in its nearly 700 stores nationwide.

      It is not clear if the attacks on the Barnes & Noble stores are linked to Dexter, and Seculert did not name any of the businesses affected.

      “How POS systems are targeted is yet to be known for sure, but by observing the administration panel of Dexter … Seculert was able to identify that over 30 percent of the targeted POS systems were using Windows Servers,” Raff blogged. “This is an unusual number for regular ‘Web-based social engineering’ or ‘drive-by download’ infection methods.”

      According to Raff, the malware steals the process list from the infected machine while parsing memory dumps of specific POS software-related process in search of Track 1/Track 2 credit card data. The data will most likely be used by cyber-criminals to clone credit cards used on the targeted POS system, he said.

      “POS systems are often the weak link in the chain and the choice of malware,” said Mark Bower, vice president at Voltage Security. “They should be isolated from other networks, but often are connected. And as a checkout is in constant use, they are less frequently patched and updated and thus vulnerable to all manner of malware compromise.”

      This is why the PCI Council supports point-to-point encryption, he said, adding that for most merchants, the solution of dealing with risks of this kind is to encrypt payment card data before it gets to the POS or checkout. With Format-Preserving Encryption (FPE), mag-stripe data such as credit card numbers are all protected while retaining the track and primary account number structure and format, he said.

      “If the POS is breached, the data will be useless to the attacker,” he said. “The trick is getting it right so that even though the data is protected and secure, it’s still compatible to the payment applications in the merchant’s systems and in the POS itself. That’s where Format-Preserving Encryption (FPE) comes in—the NIST-recognized FFX mode AES [Advanced Encryption Standard] in particular.

      “The good news is that savvy merchants are already tackling this risk and giving the malware nothing to steal through solutions that also have a dramatic cost-reducing benefit to PCI compliance,” he added.

      Brian Prince
      Brian Prince

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      Get the Free Newsletter!

      Subscribe to Daily Tech Insider for top news, trends & analysis

      MOST POPULAR ARTICLES

      Artificial Intelligence

      9 Best AI 3D Generators You Need...

      Sam Rinko - June 25, 2024 0
      AI 3D Generators are powerful tools for many different industries. Discover the best AI 3D Generators, and learn which is best for your specific use case.
      Read more
      Cloud

      RingCentral Expands Its Collaboration Platform

      Zeus Kerravala - November 22, 2023 0
      RingCentral adds AI-enabled contact center and hybrid event products to its suite of collaboration services.
      Read more
      Artificial Intelligence

      8 Best AI Data Analytics Software &...

      Aminu Abdullahi - January 18, 2024 0
      Learn the top AI data analytics software to use. Compare AI data analytics solutions & features to make the best choice for your business.
      Read more
      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Video

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2024 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.