According to a study conducted by FireEye, employees who use point of sale (PoS) devices to browse the internet or catch up on emails are potentially opening the front door to cybercriminals.
It was found that many emails nowadays have fake attachments, which often have a destructive macro embedded within them. If enabled to run, the malware known as NitlovePOS targets payment data information from the PoS systems and transmits this back to its source. These details can then be used to steal credit card information.
Whilst this kind of threat has been around for many years, the access point for such malware has usually been via spam, random attack or infecting another PC on the network. However, this new virus is specifically being targeted at employees using the dual capability of PoS computers for the web and emails.
It was found that Windows-based machines are popular for PoS and are generally used by employees who would not normally be the subject of IT training. As such, they may not have had a proper cyber safety policy induction and could sometimes be working without close supervision.
Internet security company Trustwave commented:
“Organizations should educate their employees to follow best security practices, such as only using PoS systems for what they are intended for and not to browse the web, check email, play video games…”
As with the threat of any malware, virus or trojan, maintaining a high level of network security is only effective if education and training is of a similar standard. Luckily, the team here at Ten Ten Systems is ready to support clients with this.