News

How to prevent kiosk malware 'Dare Devil' from stealing your ROI

Los Angeles cyber threat intelligence firm IntelCrawler has reported a new type of POS malware called “d4re|dev1|” that is attacking ticketing and other electronic kiosks.

December 9, 2014

Los Angeles cyber threat intelligence firm IntelCrawler has reported a new type of POS malware called "d4re|dev1|" that is attacking ticketing and other electronic kiosks, according to the company's website.

The strain is targeting mass transit systems, acting as an advanced backdoor with remote administration, including keylogging and RAM scrapping features.

The POS malware is one in a growing list of POS variants developed by cybercriminals due to the high ROI from companies such as Target and Home Depot, IntelCrawler said. Other variants identified by IntelCrawler include POSCLOUD, Nemanja, JackPOS, BlackPOS and Decebal. 

Recent POS investigations have revealed that some operators placed their terminals at risk by violating their own internal security policies. Operators playing games, Web surfing, checking email, sending messages and viewing social networks on their POS terminals create opportunities for third-party credential exposure due to the weak passwords and logins commonly used for these activities, the company said. 

Other investigations have found organized crime groups distributing malicious code and compromising the network environments of ticket vending and electronic kiosk machines placed in mass transit systems and public spaces. IntelCrawler predicts these devices will become the latest target for cybercriminals. Although the machines don't often house large amounts of money like ATMs, public-use kiosks often lack secure methods of remote administration, permitting infectious payloads and exfiltration of payment data, the company said.

IntelCrawler recommends consulting PCI vendors to reduce administration channels to the VPN and restricting the software environment for operators by formulating access control lists and updated security policies.

For screenshots and more information on these cyber threats, see IntelCrawler's website here.