Monday, December 1, 2014

PoS malware found targeting mass transit systems

The security company InterCrawler has found a new malware strain that targets the mass transit systems

In the report, a sentence had both my eyebrows raise and my jaw drops at the same time:
"During ongoing POS investigations it was determined that some operators of Point-of-Sale terminals have violated their own internal security policies and have used their terminal for gaming and WEB-surfing, checking e-mail from it, sending messages, and viewing social networks. These cases have a common denominator of weak passwords and logins, many of which were found in large 3rd party credential exposures."
This is almost 2015 and still people operating Point of Sale terminals are still incapable of realizing that their actions can result in huge dramas. 

To the casual reader, this seems bad. To the security-minded, this is even worse: it means that these machines had, at the time of the breach, access to the Internet. This is in direct violation of the PCI standard

Last Friday was Black Friday in the US, I am curious to discover how many retailers were compromised and how much money cybercriminals have amassed.