New Malware Tools Target Retailers — Make Sure You’re Protected

Security researchers at iSight, a cyber threat intelligence company, have identified a new toolkit available in the wild that malware hackers can use to gain access to credit card data.

The company reports that the framework, entitled ModPOS, is an active threat to U.S. retailers in the imminent high-volume buying season, and that the malware platform is amongst the most sophisticated and high-effort outings for POS cybercriminals to date.

The software can scrape credit card and other data on systems that don’t use end-to-end encryption — also called point-to-point encryption or P2PE. The new malware tools work even on systems protected by EMV/chip-and-pin technology.

John Giles, President of Future POS, recommends that any business using a point-of-sale system that doesn’t have P2PE move quickly to protect themselves.

We spoke at length at our 2015 Dealer Conference regarding the extreme risks of not having P2PE in today’s malware infested environment.  I’ve been a programmer my entire adult life, and I know amateur software when I see it.  This is strictly the work of professionals – not some 15 year old hackers.  Any merchant who doesn’t move to P2PE in light of this recent revelation is taking enormous risk with their business.

Future POS systems use P2PE to safeguard customer data. Check out our recent blog post and video for more on why this security technology is essential, and how P2PE works: “Too Small for Big Data Theft? Think Again.

And read more about the threat of the new malware platform: “ModPOS retail malware is not the work of script-kiddies,” 11/24/2015, Martin Anderson, The Stack.