Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Increase in Point of Sale Malware Intrusions Possible During Holiday Season

 

Systems Affected


During the holiday season, PoS malware is a key method for cyber criminals to obtain millions of credit card numbers by only compromising a small number of networks. While criminals often use PoS malware to target small to medium-sized retail establishments, recent high-profile data breaches against major retailers demonstrate they are willing and capable of hacking retailers of all sizes operating with network security vulnerabilities.

Cyber criminals can use PoS malware to steal payment card data by remotely infecting PoS systems without the need to physically access the cards or the devices used to process them. Consequently, cyber criminals can compromise PoS systems on a larger scale, increasing the number of potential victims. The use of PoS malware by cyber criminals to fraudulently obtain stolen credit or debit card information poses a significant threat to retail establishments, financial institutions, and consumers whose data is compromised.

Threat Level


High


Overview


The FBI assesses data breaches caused by point of sale (PoS) malware may increase during the holiday season. Retailers and merchants are encouraged to remain vigilant and to implement best practices in an effort to mitigate these attacks.


Description


The FBI assesses the use of PoS malware by cyber criminals may continue to rise due to the availability of PoS malware in the cyber underground, including new malware or variants of previous malware, and the ongoing process by US retailers to implement or accommodate Europay, Mastercard, and Visa (EMV) Chip cards.


Impact



Solution/ Workarounds


  ✻  Update the latest version of the Mozilla's Firefox on Windows, Linux and Mac.


References


FBI CYWATCH.

s National Press Office at npo@ic.fbi.gov or (202) 324-3691.


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.