"This is by far the most sophisticated point-of-sale malware seen to
date," said Maria Noboa, lead technical analyst for privately held
iSight Partners, which uncovered the malware and was due to release
a technical report about it on Tuesday.
The firm had shared information about the malware, dubbed ModPOS,
with clients in October, and briefed dozens of companies, including
retailers, hospitality companies and payment-card processors, about
its dangers.
Retailers began hunting for the malware in the approach to this
week's unofficial launch of the holiday shopping season, the busiest
time of the year for most merchants, according to the Retail Cyber
Intelligence Sharing Center (R-CISC), an industry group set up this
year to fight hackers.
Retailers have been fending off increasingly sophisticated
payment-card theft schemes for more than a decade. The biggest
breaches to date include a notorious 2013 holiday-shopping-season
attack on Target Corp and a major breach at Home Depot Inc, each of
which compromised tens of millions of payment card numbers.
ISight declined to say how it uncovered the ModPOS threat or name
any targeted retailers.
Some retailers have found digital evidence that linked threat
indicators they had previously seen to ModPOS, though that does not
necessarily mean they were victims of breaches, said Wendy Nather,
director of research for R-CISC.
"I couldn't tell you who is most likely to be compromised by this,"
Nather said. "But if it were harmless, we wouldn't even be talking
about it."
Her group, which was set up this year, has approximately 50 members
including Gap Inc, J.C. Penney Co, Lowe's Co and Walgreens.
ISight said it first identified the malware late last year, but only
came to understand its sophistication in recent months after
breaking encryption that hid how the malware works.
ModPOS includes modules for "scraping" payment-card numbers from the
memory of point-of-sale systems, logging keystrokes of computer
users and transmitting stolen data, according to iSight.
(Reporting by Jim Finkle; Editing by Richard Valdmanis and Leslie
Adler)
[© 2015 Thomson Reuters. All rights reserved.]