Tuesday, December 01, 2015
Mitigating the ModPOS threat to retailers
The ModPOS threat has been described both as “the most sophisticated point-of-sale malware we have seen” and “a complex, highly functional and modular code base that places a very heavy emphasis on obfuscation and persistence” by iSIGHT, which has reverse engineered the malware and published an in-depth report with threat indicators on the subject. iSIGHT Partners first spotted elements of the ModPOS framework way back in 2012, although it wasn’t until 2013 that it properly logged activity in the wild. Throughout 2014, however, the attackers ramped things up with active targeting of US retailers, and iSIGHT warns of a ‘high likelihood’ of ongoing ModPOS campaigns.

“We believe this very hard to detect malware is likely being used in broader campaigns,” says Stephen Ward from iSIGHT, who continues, “and are disclosing details to help retailers and other organizations with POS and other payment processing systems hunt for and eradicate the malware.”

Here at IT Security Thing we recommend that you take the time to download and digest the iSIGHT report forthwith. In the meantime, here’s what the IT security industry suggests you should be doing to mitigate the ModPOS threat and other POS malware as we run up to the seasonal sales peak following the Black Friday weekend.