Cyber Attacks on Point-of-Sale via Rdasrv Malware

Cyber Attacks on Point-of-Sale via Rdasrv Malware

Point of Sale (POS) Attack is a technique utilized by cybercriminals to obtain credit card and debit card information at the point of sale and payment terminals. The attackers apply man in the middle attack to intercept data processing at the retail checkout point of sale system. For instance, they employ RAM scrapping approach that involves accessing the memory of the system and exporting data through Remote Access Trojan (RAT). This technique is accompanied by minimum software and hardware tampering thus difficult to detect. Among the malware variants utilized by the attackers to scrape the RAM include Rdasrv, Alina, VSkimmer, Decter, BlackPOS, FastPOS, PunkeyPOS, Multigrain Malware, CenterPOS, and MalumPOS.

How Rdasrv Infects the System

Rdasrv installs itself into a windows computer as an executable file named rdasrv.exe. The malware scans through credit card data extracting confidential credit card information including the name, account number, expiry date, and other information that the attackers intent to steal. After scraping the information, the malware stores into a file named data.txt or current block.txt and transmits it to the hacker.

X-PHY Protection Method

The POS cyber criminals utilize a number of weaknesses in the system terminals to launch an attack. For instance, the POS targeted malware gets into the system when employees use the terminals for internet browsing or receive emails. Additionally, the need for regular remote access to the terminals for central updates and troubleshooting also provides a surface for the malware to attack the system. X-PHY AI Embedded Cyber Secure SSD offers the most advanced protection with the cyber security solution comprising of X-Guard Threat Lock, X-Stream Protection, X-Factor Encryption Lock, and X-Site secure to ensure that confidential data in the POS system is secure.

X-PHY AI Embedded Cyber Secure SSD offers the most advanced protection with the cyber security solution comprising of real-time security monitoring. All the incoming and outgoing data streams are monitored to ensure that a threat is detected before it causes any harm. In this case, a malware targeting the POS system will be detected as soon as it is downloaded into the system. As such, the malware will be stopped before it compromises the integrity of the credit information in the system.

When the malware gets into the system, it resides at the retailer endpoints where it scansPOS terminal memory for card data to send to the botmaster. When a transaction is recorded, the associated data is instantly stored on the retailer endpoints. Even though the system is designed to encrypt the data immediately, the POS Trojan utilizes a tiny window where the data remains unencrypted as it awaits authorization and be saved in process memory.

The Firmware Digital Signature solution in X-PHY AI Embedded Cyber Secure SSD enables digital signature in the firmware to verify the authenticity and integrity of the stored data. As such, the malware residing at the retailer endpoints will fail the test and be identified before it causes harm. Early identification would trigger system lockdown protocol that would protect the data from malicious attackers.

Share This On Your Favorite Social Media!