The protections that chip and PIN payment card solutions offer may fall short as cyber criminals begin installing command-and-control malware on infected EMV device readers, a new report warns.
Cyber criminals could begin repurposing ATM EMV malware to attack retail environments by infecting point-of-sale (POS) machines (possibly via malicious USB drives) and then introducing an altered EMV chip to the POS terminal, researchers from Booz Allen Hamilton said in the company’s 2019 Cyber Threat Outlook report.
The attack can be traced back to the Skimmer and Ripper malware
families, which use a malicious EMV chip to authenticate and grant
access to hidden menus within ATMs already infected with the malware.
Criminals may also look to exploit the EMV protocol, since embedded
systems tend to allow elevated trust when interacting at the hardware
“Looking further to the future, criminals may exploit NFC applications in the same ways that we think they will abuse EMV technology,” researchers also said in the report. “Instead of interacting with malware via EMV chips, criminals might identify new ways to use NFC-ready devices as consumers increasingly present their mobile phones to authorize transactions.”
To mitigate these threats, researchers should ensure logical and
physical access to POS machines is restricted to authorized users, and
disable access methods like USB when possible. Users should also
increase monitoring at the file-system level on EMV-enabled POS machines
to alert when files are being accessed outside normal operations.
The report also found that IoT devices may broaden the scope of
state-sponsored espionage operations, and prove to be an even more
valuable and vulnerable target. According to the report, 15 percent of
IoT device owners don’t change their device’s default passwords and
nearly 10 percent of IoT devices use one of the same five passwords for
Users should always change default passwords and close all
unnecessary open ports on existing IoT devices on their network. In
addition, users should establish a process to inventory, identify, scan
and secure new devices as they are integrated into the environment, and
include IoT and networking devices in their firm’s vulnerability
Booz Allen Hamilton also predicts threat actors will seek to weaponize adware networks with new techniques developed to improve their ability to persist on a host and infect more machines.
Other predictions in the report include:
- Deepfakes in the wild could spark information warfare as AI-generated video improves.
- The wireless attack surface will grow as more devices become connected.
- Threat actors will increasingly target utility companies such as water facilities in attacks targeting critical infrastructure.
Robert Abel Content Coordinator/Reporter