Soon after the threat of millions of computers across the world being affected by the WannaCry ransomware last week, the financial services sector is now facing concerns over a new potential threat from malicious software (malware) called ‘Flokibot’. As per a report by Indian Express, the Flokibot malware could affect the integrity of the large network of point-of-sale (PoS) machines. The Indian Computer Emergency Response Team (CERT-In) had flagged the issue in February, stating that the trojan could steal banking credentials soon after customers swipe their debit/credit cards at these PoS terminals.
In a bid to boost the digital economy in the country, the Prime Minister Narendra Modi-led Bharatiya Janata Party (BJP) government has pushed digital payment mechanisms and is constantly working towards reducing both transaction and acquisition costs of PoS terminals. Following the move, banks have added around 10 lakh PoS machines within a period of five months between November 2016 and March 2017. The report also stated that the number of PoS machines till March 2016 stood at around 13.82 lakh and rose to 15.12 lakh at the end of October 2016.
However, the Reserve Bank of India (RBI) data shows that in the next five months (during and post-demonetisation period), banks added 10.16 lakh PoS machines, taking the overall count to 25.28 lakh.
The Indian Express report further stated that the Flokibot malware has already affected the PoS mechanism in Brazil, along with some incidents spotted in countries like the US, Australia, Argentina and Paraguay. The CERT-In note, in its alert, said, “The malware is believed to be the modified version of Zeus malware with enhanced capabilities of infecting Point of Sale (PoS) devices/terminals targeting banking/financial information.”
Clarifying its stand on the issue, the central cyber-security agency said, “The malware mainly targets the Windows operating systems. The malware uses several propagation mechanisms which include spear phishing emails containing malicious attachments pretending to be PoS/software updates, scanning and exploitation of vulnerabilities of remote administrative applications, exploitation of weak or default credentials, physical access to PoS machines for installing malware, compromising the machines providing remote support for PoS installations etc.”
It is also being reported that apart from stealing customers' credentials, the malware could also steal various other card information such as the CVV numbers etc. “The malware has the capability of exfiltrating payment cards data from the memory regions of several Windows processes,” CERT-In added.
The computer response team has also prescribed counter-measures to safeguard a PoS infrastructure from a potential attack. It has suggested that all PoS computers and applications must be thoroughly updated and that systems linked to PoS activities should be restricted to those activities. CERT-In had also instructed all organisations and merchants using PoS services to review their system logs for any strange or inexplicable activities. Anti-malware engines should be installed and kept updated to guard the systems from such attacks, it added.