POS-terminals become target of cyber-attacks in Russia this year

POS-terminals have increasingly become a target for cyber-attackers in Russia, posing a threat to ordinary buyers and shoppers, according to analysts of FinCERT

POS-terminals become target of cyber-attacks in Russia this year
POS-terminals become target of cyber-attacks in Russia this year

POS-terminals have increasingly become a target for cyber-attackers in Russia, posing a threat to ordinary buyers and shoppers, according to analysts of FinCERT, a  Russian Central Bank centre for the fight against cyber-attacks.

Previously POS attacks were rare in Russia and were mostly seen in Western countries, however, as Sergey Velenov, a spokesman of FinCERT, told SCMagazineUK.com, in recent years the situation has changed.

According to FinCERT, the attacks are usually conducted with the aim of stealing the card data of their holders.

The method of attack involves illegal downloading and installation of malicious software on POS-terminals, (the majority of which are Windows-based), in order to intercept data entered via the keyboard, as well as gaining remote control of the device and retrieving data from the memory of the terminals.

The ever-growing number of cyber-attacks on POS-terminals in Russia has also been confirmed by experts at the Russian Ministry of Internal Affairs' department for fighting cyber-crimes, according to which, hackers sometimes work together with employees of service companies, gaining access to POS-terminals (and in some cases - to the customers' payment cards) with their help.

A spokesman for the department told SC that, being in cahoots with employees and workers of retail stores and sale points, hackers sometimes try to sell the already modified and infected POS-terminals (which can save the pin-code of the card and transmit it remotely) to the department stores.  

According to the Russian Ministry of Internal Affairs, hackers are increasingly conducting attacks on POS-terminal servers. Gaining the control over the servers allows hackers to get approval of further authorisation requests from all the connected POS-terminals during the purchase of goods through them, thus enabling actual shoplifting to be conducted.

According to FinCERT data, the damage from such attacks in Russia since the beginning of the current year has amounted to 200 million rubles (£2.3 million), however the real figures may be significantly higher.