Fujitsu
Not logged in » Login
X

Please login

Please log in with your Fujitsu Partner Account.

Login


» Forgot password

Register now

If you do not have a Fujitsu Partner Account, please register for a new account.

» Register now

Recent Discussion:

NickBown | 22.12.2018, 14:18
We have come across this issue as well, and don't seem to have found a way around it (the server is ...
NickBown | 20.12.2018, 18:40
Hi everyoneWe've got an RX2540 M1 which won't boot past the Fujitsu splash screen (which shows the i...
MarkM | 15.10.2018, 11:33
Hi there.I do not believe the Fujitsu policy on this subject has changed.So NO you can not order dri...
Jul 31 2015

Trend Micro Warning: Angler Exploit Kit Now Attacks PoS Systems

Japanese security specialist Trend Micro has noticed that cyber-crooks are increasingly targeting point-of-sales (PoS) systems via the notorious Angler Exploit Kit, their current favorite sophisticated malware.

According to a report from Trend Micro researcher Anthony J. Melgarejo, the Angler attack is part of a new wave of exploits that increasingly target PoS systems. He points out Angler typically establishes a network foothold with the help of malvertising and compromised sites, specifically using two Adobe Flash vulnerabilities (CVE-2015-0336 and CVE-2015-3104) as vehicles. Then Angler pushes a PoS reconnaissance Trojan identified as TROJ_RECOLOAD.A onto the infected system. The Trojan utilizes Angler's inherent capability of fileless installation to avoid detection by the system firewall – the Trojan exists only in memory and is directly written to RAM, where it is extremely difficult to detect.

TROJ_RECOLOAD.A at first employs several anti-analysis techniques, checking for instance if modules related to virtualization, sandbox and analysis tools are loaded. If not, TROJ_RECOLOAD.A performs reconnaissance in the system to determine which payload is suitable for the infected system. Checking the system for multiple conditions by searching for data of specific websites and companies for electronic payments and PoS transactions, it discerns whether a system is a single PoS machine or part of PoS network, e.g. as deployed by credit card companies or vendors of online payment solutions. Following a successful search, the Trojan downloads additional malware specifically tailored to the attacked system.

Melgarejo says the code reveals that malware authors are very observant of the security industry; Angler filters its finds and selects insufficiently protected PoS systems for attack: "TROJ_RECOLOAD.A's looks for both malware related modules and common user names used in sandbox analysis – an approach that has been observed on some malware documented last year."

Advice on countermeasures against the Angler attack type is available from Trend Micro's Security Intelligence Blog; earlier this year, the company also issued a white paper entitled "Defending Against PoS RAM Scrapers: Current Strategies and Next-Gen Technologies" that's available for download here.

 
SHARE

Comments on this article

No comments yet.

Please Login to leave a comment.