New malware poses Black Friday risk

There's a new malware targeting point-of-sale systems at U.S. retailers that could disrupt Black Friday, warns threat intelligence group iSight in a new report.

It's the most sophisticated POS malware to date, according to iSight Partners. ModPOS, short for modular point-of-sale system, is a comprehensive malware framework—a complex, highly functional and modular code base that is persistant and can go undetected by today's screening methods.

The malware isn't entirely new. ISight analysts believe it most likely originated out of Eastern Europe and has been targeting retail since early 2013. It is likely still active and yet undiscovered in some targets. More disconcerting is that some of its attributes allow it to avoid triggering alerts or show any indicators of compromise.

"In a nutshell, this is not your daddy's run-of-the-mill cyber crime malware," states the report.

EMV technology is no guarantee of protection, particularly if the system doesn't use end-to-end encryption. Even so, an estimated half of all retailers are still not equipped with EMV-enabled POS systems.

"A retailer that doesn't accept EMV cards is not at a meaningfully higher risk related to malware compared to those that do," said Brett Conradt, director of consulting firm Stax. "The malware is deep inside the POS systems and can pull data off both chipped and non-chipped cards. Given that most fraud is card-not-present fraud, the ability of thieves to use data from either type of card is essentially the same once they get the data from the POS system."

Isight has identified some targets and is making more detailed information available to help retailers hunt for the malware hiding in their systems.

Security ranks high with shoppers. Target's massive data breach in 2013 helped torpedo its holiday sales, and several retailers followed in its footsteps. Neiman Marcus, Sally Beauty, Kmart, Staples, Dairy Queen, Home Depot, Michael's and Supervalu have all been hit by large-scale data breaches.

*This story was updated to include a quote from Brett Conradt, director of consulting firm Stax.

For more:
-See this iSight report

Related stories:
How to keep EMV confusion from ruining Christmas
Target: Timeline of a data breach
Target switches to PIN card for better security
Holiday surprise: Target has supply chain problems, again
Cyber security affects consumer holiday spending