AbaddonPoSĪbaddonPoS has been active since 2015 and is a generic PoS malware that tries to hide its activities via anti-analysis mechanisms, code obfuscation and a custom protocol for exfiltrating data from the victims to the cybercriminals. Once trust is established, they ask the victim to access a website and install an update, which in fact launches the infection, providing access to the fraudsters. They call companies on the phone and pretend to be employees from a credit card company. To have HydraPoS being installed on devices, cybercriminals make use of social engineering. HydraPoS combines several pieces of malware binded with a handful of legitimate third-party tools. This malware originates from Brazil and is notorious for cloning credit cards. HydraPoS still holds its leader position, although no new version has been released recently. Two malware families stand out in Kaspersky’s analysis: HydraPoS and AbaddonPoS ( Figure B).įigure B Image: Kaspersky.
A reason for this, as explained by Kaspersky, is that Chinese investors are opening new businesses in that country, generating economic growth and becoming attractive for cybercriminals. Zimbabwe appeared in the top five in 2021, and is still there in 2022. Brazil has been in the same situation, with an outdated ATM fleet, yet in addition Brazil has a number of cybercriminals creating new POS malware there. Outdated fleets of ATMs made it fairly easy for attackers to gain access and steal money from those devices, as the outdated equipment was vulnerable to most malware families and generally had a low level of cybersecurity, according to Kaspersky. SEE: Mobile device security policy (TechRepublic Premium) Most targeted regions for ATM/PoS malware attacks in 2020-2022įrom 2017 to 2021, Russia has always been the most impacted country.
In 2021, a 39% increase of the attacks was observed, showing that the COVID-19 restrictions had been dropped down, allowing customers to return to their usual consumer habits. While the lockdowns saw a lot of devices being turned fully off, another reason explaining this drop is the global number of cash machines tending to decrease, as explained by the researchers.
Number of devices affected by ATM/PoS malware from 2018 to 2021. In 2020, the number of attacks on ATM/PoS dropped significantly in comparison to 2019, from approximately 8,000 attacks to 4,800 ( Figure A).įigure A Image: Kaspersky. Lockdowns all around the globe during the pandemic have seriously reduced ATM and PoS malware activity, since people stayed at home with no other possibility than buying what they needed online instead of physically going to shops. Image: weerapat1003/Adobe StockĪ new report from Kaspersky sheds light on the 2020-2022 ATM and Point of Sale (PoS) malware landscape. Attacks using ATM or PoS malware are on the rise again in 2022 after the COVID-19 lockdowns.
0 kommentar(er)
