Undetectable ModPOS in the POS Systems Pose a Threat to Retailers
FREMONT, CA: The holiday season has brought with itself an unidentifiable threat for the retailers, a malware in their point of sale (POS) systems - ModPOS, according to a report by iSight Partners.
ModPOS or ModularPOS is a comprehensive malware framework that is difficult to detect and can be configured in multiple parts of a POS system. With software development proficiency, it creates a highly functional and modular code base focusing on obfuscation, making it undetectable by a number of modern day security systems.
The modular nature of ModPOS allows it to configure to target specific systems with components like uploader/downloader, keylogger, POS Ram scraper and custom plugins for credential theft. The modules are packed kernel drivers using multiple methods of encryption to evade the highly secure controls. It can affect any sector that uses a POS system including retail, food services, hospitality and heathcare.
Coming to the EMV technology, which was designed to make it difficult for malicious actors to manufacture clones to steal the data from the card, however, if the system configuration does not support end to end encryption then ModPOS can gain access to card data as well.
“ModPOS also features custom plugins and other specialized functions. Given its sophistication, it has taken our malware analysis ninjas a substantial amount of time to reverse-engineer the software," says Stephen Ward, Director, Marketing, iSight.
By James Seevers, CIO & GM, Toyoda Gosei
By Bill Krivoshik, SVP & CIO, Time Warner Inc.
By Gregory Morrison, SVP & CIO, Cox Enterprises
By Alberto Ruocco, CIO, American Electric Power
By Bruce. D. Smith, SVP & CIO, Information Systems, Advocate...
By Adrian Mebane, VP-Global Ethics & Compliance, The Hershey...
By Graham Welch, Director-Cisco Security, Cisco
By Michael Watkins, Senior Product Director, Global Knowledge
By Bernd Schlotter, President of Services, Unify
By Patrick Hale, CIO, VITAS Healthcare
By Steve Bein, VP-GIS, Michael Baker International
By Jason Alan Snyder, CTO, Momentum Worldwide
By Mike Morris, CIO, Legends
By Louis Carr, Jr., CIO, Clark County
By Bill Dow, SVP and General Manager of Business Solutions,...
By Jim Whitehurst, CEO, Red Hat
By Darren Cockrel, CIO, Coyote Logistics, a UPS Company...
By Nathan Johnson, SVP and CIO, Werner Enterprises [NASDAQ:...
By David Tamayo, CIO, DCS Corporation
By Neil Hampshire, CIO, ModusLink Global Solutions, Inc....