Malware called “ChewBacca” targeting Point of Sale computers: SSO Alert Priority Moderate
7 February 2014
The scope of damage from recently discovered malware called “ChewBacca” has been analysed, revealing that it has stolen credit card details from 11 countries, including Australia. The malware currently targets Point of Sale (PoS) computers commonly used in shops and small businesses.
Businesses with PoS computers should ensure that both the software and antivirus systems are fully up to date on these computers. It is also advisable that computers used for PoS should not also be used to browse the internet.
The “ChewBacca” malware was discovered late in 2013. It steals data by recording information as it is entered from your keyboard. It can also search your computer's memory for more information to record and sends that back to the attacker via the internet.
Recently, security research firm RSA has uncovered that this malware has infected computers and businesses in 11 countries, including Australia. It has been used to steal credit card details and other payment information.
Recently there has been an increase in malware targeting PoS systems. Many businesses’ PoS systems are poorly protected compared to other systems on their network, despite the fact that they are critical to business operations and just as vulnerable to attacks.
Protecting Point of Sale systems
Businesses typically use a standard desktop computer to operate their PoS system, making it vulnerable to the same attacks that target most computers. This also means that the same measures for protecting these systems apply.
We recommend automating software and antivirus updates, which dramatically reduce your exposure to software vulnerabilities.
Because PoS systems handle high volumes of financial data, it is also advisable to limit the usage of these computers explicitly to these PoS tasks.
Browsing the internet using your PoS computers should be avoided as this exposes them to opportunities for attack or encountering malware.
We also advise that the installation of non-business programs should be limited. Users should not have administrator rights to the system. It is harder for malware to infect your computers if users do not have administrator privileges.
Lastly, you should also consider whether your PoS systems need to be connected to the internet at all. Some PoS systems will require network access to be able to save information to a server or to send reports via the internet, however, if this kind of functionality is not needed, it may be preferable (and far more secure) to disconnect it from the internet. Network configurations will vary between businesses, so we suggest speaking to your technical expert about this.
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.
Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.
This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.