Retailers targeted by sophisticated ModPOS malware

Point of Sale System - modPOS Malware Attacking POS

CSO Online is reporting that the ModPOS malware has already hit multiple national retailers and compromised millions of cards, according to new research released this morning, but there are likely more infections still out there, since this particular malware is extremely difficult to detect.

“The way that the malware is able to hide itself makes it extremely difficult for retailers to detect with existing capabilities,” said Stephen Ward, senior director at Dallas-based cyber threat intelligence firm iSight Partners, Inc.

It took months for researchers to get a clear view of this malware and reverse engineer it, he said, and the researchers have since spent a month informing retailers about how to spot it.

This POS malware is sophisticated with a VERY extensive toolkit:

As its name suggests, ModPOS is a highly modular malware that targets point of sale systems with keylogging, RAM scraping, credential theft and network reconnaissance functions.

“What we’re seeing is shell code which consists of up to 600 functions, which is astronomical,” said Maria Noboa, iSight’s senior threat analyst. By comparison, typical shellcode would have just a handful of functions, she said.

ModPOS malware is basically a rootkit:

The ModPOS framework also involves hacked kernel drivers and that, Noboa said, is what makes this malware family very dangerous.

“They are essentially rootkits,” she said. “Difficult to detect.”

It isn’t all bad news though:

The one bright spot about this malware, so far at least, is that its creators are not selling it on underground forums or otherwise distributing it to the public.

“We have researchers around the world looking for any sign of people trying to share the code,” she said.

So far, there haven’t been any.

“This gives us an indication that the authors are holding it close to their chest because it’s a profit center for them,” she said. “We categorize this as author-slash-operator because we believe that the people who wrote the malware are the ones operating it.”

Isn’t EMV the answer? Maybe – maybe not…

EMV is not enough

Many retailers are currently in the process of converting to EMV, which allows them to accept more secure chip-based payment cards at the point of sale terminal.

That could help companies defend against ModPOS — but only if they do it right.

“There is a tendency to think that if you have EMV terminals set up, you’re good to go,” Noboa said. “But it has to be implemented correctly, with true end-to-end encryption in place, including encrypting data in memory. That’s key here, because point-of-sale malware capitalizes on data in memory. If it’s not encrypted, ModPOS can still grab that data in clear text.”

In addition, the rest of a company’s infrastructure might still be vulnerable to attackers, she added, including other databases, intellectual property and financial documents.

“The modularity allows them to use it as a Swiss Army knife,” said Ward.

Original Article.

Save 20% on Carbonite until End of September

Save 20% on our most popular Carbonite home products. These products are not often discounted, so buy NOW!

Limited-time Promotional Offer of 20% discount is available only to new Carbonite customers.

Carbonite Basic – 1 Year

  • Automatic cloud backup
  • U.S.-based support, 7 days a week
  • Sync, share and access files remotely with free apps
  • Award Winning Carbonite Protection for 1 Year

Carbonite Basic Home – 1 PC or 1 Mac – 1 Year – Regularly: $59.99 – NOW: $47.99

Carbonite Basic – 2 Years

  • Automatic cloud backup
  • U.S.-based support, 7 days a week
  • Sync, share and access files remotely with free apps
  • Award Winning Carbonite Protection for 2 Years

Carbonite Basic Home – 1 PC or 1 Mac – 2 Years – Regularly: $119.98 – NOW: $95.98

But hurry – this discount ends on Wednesday 09/30/2015!

Save 20% on Carbonite Home Thru August 31st

Save 20% on our most popular Carbonite home products. These products are not often discounted, so buy NOW!

Limited-time Promotional Offer of 20% discount is available only to new Carbonite customers.

Carbonite Basic

  • Automatic cloud backup
  • U.S.-based support, 7 days a week
  • Sync, share and access files remotely with free apps

Carbonite Basic Home – 1 PC or 1 Mac – Regularly: $59.99 – NOW: $47.99

Carbonite Personal Plus

  • Automatic cloud backup
  • U.S.-based support, 7 days a week
  • Sync, share and access files remotely with free apps
  • External hard-drive backup
  • Mirror Image backup

Carbonite Personal Plus – 1 PC or 1 Mac – Regularly: $99.99 – NOW: $79.99

But hurry – this discount ends on Monday 08/31/2015!

ESET Offers Free Android Stagefright Detector

ESET®, a global pioneer in proactive internet security for 25 years, today announced the availability of a free Android app – ESET Stagefright Detector – which helps users determine if their Android device is affected by the critical Stagefright exploit. The app is available in the Google Play Store now.

ESET makes available a free Android Stagefright Detector

First discussed at Black Hat 2015 last week, the Stagefright vulnerability allows attackers to gain control of Android phones via the Stagefright library, an open-source media player used by 95 percent of Android devices. The vulnerability gives attackers access to most of the victim’s phone data including email, photos, and personal information by simply sending an MMS (Multimedia Messaging Service) message to the victim’s Android smartphone.

ESET Stagefright Detector works with Android 4.0 and older versions of the Android operating system, which includes {insert names of the Android OS versions… using the names would be appropriate for SEO and for a more general audience}. The new ESET app alone cannot repair the vulnerability; however, once users activate the app and determine whether their Android smartphone is vulnerable, they can click on the “Learn More about Stagefright” icon. This takes users to the ESET Knowledgebase article, which provides safety steps to protect their data.

ESET recommends all Android smartphone users follow these steps to ensure their data is safe:

  • Enable automatic updates on their device(s) to ensure they receive the latest patches from the device manufacturer or carrier
  • Block MMS from unknown senders
  • Disable automatic MMS retrieval in the Messaging setup
  • Use a browser that is not vulnerable to Stagefright (for example, Firefox 38+)

ESET discovers another porn clicker in Google Play

Recently, Avast researchers discovered a Trojan porn clicker uploaded to the Google Play Store and posing as “Dubsmash 2”. This clicker pretended to be an official application and was downloaded more than 100,000 times. While the click fraud activity did not cause direct harm to the victims, such as stealing credentials, it does generate a lot of internet traffic and may cause high data charges for victims on a restricted data plan, leaving them with high cellphone bills at the end of the month.

Less than a month later, ESET researchers discovered that a plethora of variants of this same fake Dubsmash application had found their way onto the official Google Play Store, showing the very same icons and preview pictures.

While this threat is entirely different from the one we documented last week, both cases are similar in the sense that they managed to get into the Google Play Store when they should have been rejected.

Original ESET Article

A bad day for Apple Mac and iOS Malware

Today saw several updates to the ThreatSense database by ESET, but update v.11296 was quite exceptional. Why?

Because it contained 140 Macintosh OS X threats and 9 iOS threats. Apple is quick to try to dispel the idea of Macintosh and iPhone/iPad malware, but there is no denying it: it is here – and here to stay!

140 MacOSX Malware threats and 9 iOS threats were added today in a single update

Here is the ESET ThreatSense Update.

To see an up-to-date list of Mac OS X updates in the ThreatSense database – click here.

U.S. Announces Cybersecurity Center to ‘Sync Up’ Data

According to an article by NBC News, the US Government’s new cybersecurity center will collect cyber threat data from around the nation and disseminate analysis to other departments and agencies.

Lisa Monaco, assistant to the president for homeland security and counterterrorism, announced the Cyber Threat Intelligence Integration Center (CTIIC) at the Woodrow Wilson International Center for Scholars on Tuesday.

“We need to sync up our intelligence with our operations,” Monaco said. The idea is to make connections and share information between the various law enforcement agencies, government offices, and private sector companies that make up the bulk of information gathered on cyber threats.

Monaco explained that she begins her day by briefing President Obama about the biggest threats to the nation. “Since I began this job two years ago, I can tell you an increasing amount of the bad news I share is unfortunately… cyber threats,” she said.

Monaco mentioned a handful of the high-profile companies and groups that have suffered cyberattacks this year, including Home Depot, JP Morgan, Sony, CENTCOM, the U.S. Postal Service and health insurer Anthem.

“We are at a transformational moment” in the cyber threat landscape, Monaco said. “Our prosperity and security depend upon the Internet being secure against threats.”

Read more

And they say that antivirus isn’t required on a Macintosh

For years and years, Apple maintained that an antivirus program was not required on a Macintosh – and for many years, if you were careful – that was *largely* true.

The number of Macintosh threats was minimal – and the cybercriminals simply didn’t go after Macintosh computers because their numbers were relatively low.

As Apple’s market share increased, these cybercriminals turned their attention to Macs: because they cost more, because the customers who buy them are typically well off to affluent, and because, often, they were plain easy to infect – their users lived in a bubble where clicking on bad links and programs simply had no ill effects.

Those days are GONE – pure history.

New Macintosh threats appear on a very regular basis – and they range from fairly benign popups to full-blown banking trojans.

Want to see the list of recent Mac OS X malware threats? Click here.

These days you need protection – get the ESET CyberSecurity for Macintosh Trial today!

Windows 7: Internet Explorer Security Settings are Blocking Downloads

If you are trying to download files – any files – and an Internet Explorer message pops up saying that your current internet settings prevent this file from downloading, try the following to reset your Internet Explorer security settings.

Here is a step-by-step guide – with screenshots – click each image for a larger version and detailed instructions:

1. Open Internet Explorer Settings:

Open Internet Explorer

2. Open Internet Options:

Select Internet Options from the Settings menu

3. Reset all zones – then click Apply and then OK:

Security Tab | Reset | Apply | OK

4. Open the Advanced tab – reset the advanced settings, then reset the Internet Explorer settings:

5. Check the box for “Delete Personal Settings” inside the Internet Explorer Reset window – then click Reset.

Then RESTART your computer. If you are still unable to download files or programs – call support.

Facebook forges partnership with IT security vendor ESET

Summary: The goal of the alliance is to prevent malicious links from populating Facebook user News Feeds and Messages.

In a ZDNet article published today, it was announced that Facebook is partnering with ESET in order to make Facebook links safer for all users.

http://www.zdnet.com/facebook-forges-partnership-with-it-security-vendor-eset-7000036362/

Facebook is well known for home-grown efforts in building its own data and IT infrastructure, but the social network is getting a little security help from a new friend.

The world’s largest social network has just announced a new partnership with IT security vendor ESET. The goal of the alliance is to prevent malicious links from populating user News Feeds and Facebook Messages.

To achieve this, Facebook will be baking ESET’s security software into its platform.

For end users, there might actually be a heightened state of awareness. The ESET integration means that if a device being used to access Facebook services starts behaving suspiciously, with signs of possible malware infection, a message will appear offering an anti-malware scan.

A software engineer at Facebook, Chetan Gowda, explained that this approach makes security “seamless and easy to clean up an infected device.”

In his blog, Gowda explained that Facebook will look for malicious activity from the device being used to access Facebook; if odd or malicious behavior is found, the user will be offered a free scan to see if malware is present. More details are in Gowda’s Facebook blog post, also dated 12/03/2014.