Boston: US retailers are hunting for evidence of new breaches leading into the holiday shopping season after a cyber intelligence firm privately warned them about payment-card-stealing malware that it said evades almost all security software.
"This is by far the most sophisticated point-of-sale malware seen to date," said Maria Noboa, lead technical analyst for privately held iSight Partners, which uncovered the malware and was due to release a technical report about it on today.
The firm had shared information about the malware, dubbed ModPOS, with clients in October, and briefed dozens of companies, including retailers, hospitality companies and payment-card processors, about its dangers.
Retailers began hunting for the malware in the approach to this week's unofficial launch of the holiday shopping season, the busiest time of the year for most merchants, according to the Retail Cyber Intelligence Sharing Center (R-CISC), an industry group set up this year to fight hackers.
Retailers have been fending off increasingly sophisticated payment-card theft schemes for more than a decade. The biggest breaches to date include a notorious 2013 holiday-shopping-season attack on Target Corp and a major breach at Home Depot Inc, each of which compromised tens of millions of payment card numbers.
ISight declined to say how it uncovered the ModPOS threat or name any targeted retailers.
Some retailers have found digital evidence that linked threat indicators they had previously seen to ModPOS, though that does not necessarily mean they were victims of breaches, said Wendy Nather, director of research for R-CISC.
"I couldn't tell you who is most likely to be compromised by this," Nather said. "But if it were harmless, we wouldn't even be talking about it."
Her group, which was set up this year, has approximately 50 members including Gap Inc, J.C. Penney Co, Lowe's Co and Walgreens.
ISight said it first identified the malware late last year, but only came to understand its sophistication in recent months after breaking encryption that hid how the malware works.
ModPOS includes modules for "scraping" payment-card numbers from the memory of point-of-sale systems, logging keystrokes of computer users and transmitting stolen data, according to iSight.
"This is by far the most sophisticated point-of-sale malware seen to date," said Maria Noboa, lead technical analyst for privately held iSight Partners, which uncovered the malware and was due to release a technical report about it on today.
The firm had shared information about the malware, dubbed ModPOS, with clients in October, and briefed dozens of companies, including retailers, hospitality companies and payment-card processors, about its dangers.
Retailers have been fending off increasingly sophisticated payment-card theft schemes for more than a decade. The biggest breaches to date include a notorious 2013 holiday-shopping-season attack on Target Corp and a major breach at Home Depot Inc, each of which compromised tens of millions of payment card numbers.
Advertisement
Some retailers have found digital evidence that linked threat indicators they had previously seen to ModPOS, though that does not necessarily mean they were victims of breaches, said Wendy Nather, director of research for R-CISC.
Advertisement
Her group, which was set up this year, has approximately 50 members including Gap Inc, J.C. Penney Co, Lowe's Co and Walgreens.
Advertisement
ModPOS includes modules for "scraping" payment-card numbers from the memory of point-of-sale systems, logging keystrokes of computer users and transmitting stolen data, according to iSight.
© Thomson Reuters 2015
COMMENTS
Advertisement
Institutions To Offer Short Term Skill Development Courses On AI, Cyber Security Beware Of Electricity Bill Payment Scam: Follow These Tips To Stay Safe US Sues Amazon For Harming Consumers With Higher Prices The Situation At Delhi, Mumbai Airports Day After Global IT Outage Over 300 Indian Students Return As Quota Row Sparks Violence In Bangladesh "Jindal Group Executive Showed Porn, Groped Me On Flight": Woman To NDTV Watch: Sudha Murty Shares How She Embarked On Her Philanthropic Journey BJP vs BJP In Bengal Over Differences In 'Sabka Saath, Sabka Vikas' Outlook Delhi Gets First Pilot Hybrid Court Room With 'Speech To Text' Facility Track Latest News Live on NDTV.com and get news updates from India and around the world.