Claims that systems infected in the Dexter malware attack are “clean” and that consumers have “nothing to worry about” are unfounded, a security industry expert has said.
SecureData Africa chief technology officer Wayne Olsen says consumers should still be concerned as it is a “well-known fact” that over the festive season there is a marked increase in malware and virus attacks by criminals seeking financial gain.
South Africa’s banks suffered tens of millions of rand in losses due to a major breach of customer card data by criminal syndicates that infected electronic point-of-sale (POS) terminals using a variant of the Trojan horse malicious software called Dexter.
Local banks first became aware of the problem earlier this year. Local police, Interpol and Europol all became involved in a multinational investigation to bring the syndicate or syndicates responsible for the data breach to book.
Wikipedia describes a Trojan as a “hacking program that is a non-self-replicating type of malware that gains privileged access to the operating system [of a device] while appearing to perform a desirable function”. In reality it contains a “malicious payload” that often also has a “backdoor” that allows unauthorised access to the target device.
Dexter reads the content of an infected POS terminal’s memory, looking for data from the magnetic stripe on the back of bank cards.
Although the Dexter malware focused on larger retailers and chains, it is the smaller players that should be the most concerned, says Olsen.
His remarks come after Payments Association of South Africa CEO Walter Volker said that South African banking customers should not panic about the Dexter malware.
“All the fast-food retailers have been cleaned out as far as possible,” Volker told TechCentral in an interview in October. “We’re still looking at some sites that are questionable, but they are a very small minority. I don’t think there’s any need for panic or concern at this stage and certainly no one will be out of pocket [as the banks will honour losses].”
Olsen says the latest variant of the malware has been identified and cleaned off high-profile retailers, but it is smaller retailers that will be next to be targeted, and they’re an “easy target”.
“They should not under any circumstance be lulled into a false sense of security. Having the latest antivirus software means absolutely nothing if the operating system it is sitting on is not up to date.”
Olsen says that in addition to updating their antivirus software regularly, retailers need to ensure that the operating systems on their point-of-sale terminals, which are often Windows desktops or laptops, are regularly patched with the latest security updates.
He says, too, that Wi-Fi networks pose a big threat. “Many POS terminals operate on the same Wi-Fi network as that used by staff and customers. This means that anyone can infect or hack into them. Segmentation of the network is vital to ensuring a secure POS terminal.”
And retailers should never leave their POS terminals unattended, he says.
“Making the POS terminal easily accessible to the general public puts the business at huge risk. Staff need to be educated as to possible risks so that they can be aware of and respond to suspicious activity. Making it easy for someone to tamper with the credit/debit card reader or stick a malware-laden USB driver into the POS box should be avoided at all costs.” — (c) 2013 NewsCentral Media