SMBs attacked the most with 45% of PoS malware detection in Q3, 2015; Reports Trend Micro

trend-micro-logoFollowed by consumers with 27% and Enterprises with 19%.

New Delhi, 30th November 2015: Malware attacks in Point-of-Sale has been there for a while but most interesting is that cybercriminals have shifted from using targeted-attacking format to traditional mass-infection tools like spam, botnets, and exploit kits.

According to TrendLabs, attackers went after as many vulnerable PoS devices as possible in hopes of hitting the jackpot. They relied on tried-and-tested tactics like spamming as well as tools like macro malware, exploit kits, and botnets. They must have done something right because the PoS malware detection volume grew 66% Q1-Q3. SMBs, which had poorer protections in place compared with large enterprises, suffered most.

SMBs proved lucrative and easy point-of-sale (PoS) malware attack targets this quarter. This could be due to the extensive customer databases they keep with minimal to nonexistent security. We’ll likely see more of such attacks in the future. The slow adoption of next-generation payment technologies like the Europay, MasterCard, and Visa (EMV) and contactless Radio-Frequency-Identification (RFID)- enabled credit cards, mobile wallets (Apple Pay®and Android Pay™), and new payment-processing architectures could also adversely affect the security landscape.

A PoS random access memory (RAM) scraper made its way into devices aided by the Angler Exploit Kit, which is known for using malvertisements and compromised sites as infection vector.

Kasidet or Neutrino malware began sporting PoS-RAM-scraping capabilities this quarter. Kasidet, a commercially available builder, is known for its use in DDoS attacks, hits into PoS systems via malware-laced spam. As a result, its latest iteration accounted for 12% of this quarter’s total PoS malware detection volume.

This July, a new GamaPOS variant spread mayhem with the help of the Andromeda botnet and the “dynamite or blast fishing” approach. Blast fishing is the practice of using explosives to stun or kill schools of fish for easy collection. Attackers spammed practically every address they could get their hands on in hopes that the malware would make their way to PoS systems. Their emails came with macro malware attachments or links pointing to compromised websites.


About Trend Micro

Trend Micro Incorporated, a global leader in security software, strives to make the world safe for exchanging digital information. Built on more than 26 years of experience, our solutions for consumers, businesses and governments provide layered data security to protect information on mobile devices, endpoints, gateways, servers and the cloud. Trend Micro enables the smart protection of information, with innovative security technology that is simple to deploy and manage, and fits an evolving ecosystem. All of our solutions are powered by cloud-based global threat intelligence, the TrendMicro™ Smart Protection Network™ infrastructure, and are supported by more than 1,200 threat experts around the globe.  For more information, visit