Visa released a public update to their Memory-Parsing Malware Warning yesterday bringing forward signatures and IPs from their original alert in April based on recent activity. This very effective technique can present itself leveraging commonly used debugging techniques for software. Essentially, this malware will access a few readily available routines to hook into the memory in a way that allows them to access and export full track data. So all of you folks who told QSAs like me this would never happen in a million years (this was a constant conversation from 2004 to 2009), baZINGA.
Civilian Technician Inspects Circuit Board at Army Aviation Centre Middle Wallop, by UK Ministry of Defence
Now that we have bazinga’d, let’s focus on how to prevent this from happening. Remember that post I did a while back about the Top Five PCI DSS Mistakes that Lead to a Breach? Well, it’s number 4 on that list. And numbers 1-3 and 5 are largely the cause of number 4 showing up on a system. Confused? Go read the post.
Large merchants should be doing more to remove logic from the actual end point and boot securely from known-good images (possibly retrieved from hardened network servers in the corporate offices). Small merchants might consider that upgrade to a secure tablet or purpose-built mobile terminal right about now. You all know I’m an Apple fanboy, but in this case I think the industry is behind me as long as the device is not rooted or jailbroken. In fact, if you look around I bet you will see more iOS devices used in the field, especially among new merchants. iOS devices have their own issues, but this would definitely remove the immediate risk associated with this type of vulnerability while providing much more flexibility to the merchant.
Go check out the release and make sure that you are performing the recommended remediation items at a minimum. There are four areas that you can focus on to assist with this, with multiple tips therein. Enjoy!
Possibly Related Posts:
- Selective Domain Filtering with Postfix and a SPAM Filtering Service
- PCI DSS 4.0 Released plus BOOK DETAILS!
- Preventing Account Takeover, Enable MFA!
- Proofpoint Patches URL Sandbox Bypass Bug
- Improve Outbound Email with SPF, DKIM, and DMARC