The protections that chip and PIN payment card solutions offer may fall short as cybercriminals begin installing command-and-control malware on infected EMV device readers, a new report warns.
Cybercriminals could begin repurposing ATM EMV malware to attack retail environments by infecting point-of-sale (POS) machines (possibly via malicious USB drives) and then introducing an altered EMV chip to the POS terminal, researchers from Booz Allen Hamilton said in the company’s 2019 Cyber Threat Outlook report.
The attack can be traced back to the Skimmer and Ripper malware families, which use a malicious EMV chip to authenticate and grant access to hidden menus within ATMs already infected with the malware. Criminals may also look to exploit the EMV protocol, since embedded systems tend to allow elevated trust when interacting at the hardware level.
“Looking further to the future, criminals may exploit NFC applications in the same ways that we think they will abuse EMV technology,” researchers also said in the report. “Instead of interacting with malware via EMV chips, criminals might identify new ways to use NFC-ready devices as consumers increasingly present their mobile phones to authorize transactions.”
To mitigate these threats, the researchers recommend ensuring that logical and physical access to POS machines is restricted to authorized users and disabling access methods like USB when possible. Users should also increase monitoring at the file-system level on EMV-enabled POS machines to alert when files are being accessed outside normal operations.
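The file-system monitoring recommended above can be expressed as a baseline check over file-access events. This is an added example, not taken from the Booz Allen report; the process paths, monitored directories, drive letters, operating hours and events are all constructed assumptions.

```python
from datetime import datetime, time

# Assumed baseline for one POS terminal: which process image may touch which
# directories. Keyed by full image path so a renamed binary does not match.
BASELINE = {
    "c:\\pos\\bin\\pos_app.exe": ("c:\\pos\\data\\", "c:\\pos\\logs\\"),
    "c:\\pos\\bin\\emv_service.exe": ("c:\\pos\\emv\\",),
}
OPEN, CLOSE = time(7, 0), time(23, 0)   # assumed store operating hours
WATCHED = ("c:\\pos\\",)                # directories under monitoring
REMOVABLE = ("e:\\", "f:\\")            # drive letters assumed to be USB media

# Constructed file-access events: (ISO timestamp, process image, file touched)
EVENTS = [
    ("2019-01-14T10:02:11", "C:\\POS\\bin\\pos_app.exe", "C:\\POS\\data\\txn.db"),
    ("2019-01-14T10:02:12", "C:\\POS\\bin\\emv_service.exe", "C:\\POS\\emv\\kernel.cfg"),
    ("2019-01-14T10:05:40", "E:\\update.exe", "C:\\POS\\emv\\kernel.cfg"),
    ("2019-01-15T03:17:05", "C:\\POS\\bin\\pos_app.exe", "C:\\POS\\data\\txn.db"),
    ("2019-01-15T11:30:00", "C:\\POS\\bin\\pos_app.exe", "C:\\POS\\emv\\kernel.cfg"),
    ("2019-01-15T11:31:00", "C:\\Windows\\explorer.exe", "C:\\Users\\Public\\a.txt"),
]

def check_event(ts, image, target):
    """Return the reasons this access deviates from the baseline (empty if none)."""
    image, target = image.lower(), target.lower()
    if not target.startswith(WATCHED):
        return []                        # file is outside the monitored tree
    reasons = []
    if image.startswith(REMOVABLE):
        reasons.append("process image on removable media")
    allowed = BASELINE.get(image)
    if allowed is None:
        reasons.append("process not in baseline")
    elif not target.startswith(allowed):
        reasons.append("path outside process baseline")
    if not OPEN <= datetime.fromisoformat(ts).time() <= CLOSE:
        reasons.append("outside operating hours")
    return reasons

def find_anomalies(events):
    """Return (event, reasons) for every event that should raise an alert."""
    return [(e, r) for e in events if (r := check_event(*e))]

if __name__ == "__main__":
    for event, reasons in find_anomalies(EVENTS):
        print(event[0], event[1], "->", event[2], "|", "; ".join(reasons))
```

In practice the events would come from the terminal's own file-access auditing rather than an inline list, and the baseline would be built from a period of known-good operation.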