Thousands of Amazon AWS Instances Host C&C Servers for POS Malware



Malware has turned into a booming industry for cybercriminals over the past few years. In fact, there are so many types of malware in circulation that no hardware or software is safe from harm right now. Point-of-sale (POS) terminals are of particular interest to criminals, although a lot of these efforts are not overly successful. New research by the Kromtech Security Center shows how ElasticSearch servers are some of the main culprits when it comes to hosting PoS malware.

Point-of-sale Malware is a big Problem

Anyone who owns or works at a physical store will have come in contact with point-of-sale devices. These terminals allow retailers to accept different payment methods including debit, credit, and bank cards. A point-of-sale terminal is highly valuable to any business owner. After all, one can barely afford to run a business without accepting card payments with a PoS terminal these days.

Unfortunately – though perhaps not unexpectedly – these machines have become targets for cybercriminals. Rather than physically modifying a point-of-sale terminal, criminals are now using different types of malware to remotely control information processed by the device. In most cases, such malware is used to collect payment card information, which is then used for nefarious purposes or sold to other criminals on the darknet.

There are currently two PoS malware strains that are particularly concerning. AlinaPOS and JackPOS are two very serious threats to anyone who owns a point-of-sale terminal. As most of these devices are connected to the Internet in one way or another, they are effectively prone to infection by these malware strains. Both of these strains have seen a major increase in their distribution of late, which is rather troublesome.

It turns out one of the distribution methods for both AlinaPOS and JackPOS comes in the form of ElasticSearch servers. Over 15,000 of these servers are accessible through the Internet without requiring any form of authentication whatsoever. Over 4,000 unsecured servers are used to host files related to AlinaPOS and JackPOS’s command & control infrastructure. That is a big problem which should be addressed sooner rather than later.

This information hints at how ElasticSearch servers are often used to host POS malware command & control servers. What is more, 99% of all POS malware-infected servers are hosted on Amazon’s AWS service. That is not surprising by any means, as AWS allows users to get a free instance with up to 10 GB of disk space. The t2 micro EC2 instance can only be set up with ElasticSearch versions 1.5.2 and 2.3.2. It makes perfect sense for criminals to use these free tools to host POS malware C&C infrastructure.

Thankfully, Amazon and other affected companies have been notified about this problem. So far, no one has issued a response or attempted to address the problem, which is not a good sign. While POS malware is often considered a niche threat, one has to wonder why there are over 4,000 command & control servers in existence today. Both AlinaPOS and JackPOS have caused a lot of damage over the past few years and they are still actively used to this day. Perhaps this is not such a niche market as originally assumed.
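
A check an administrator can run against their own Elasticsearch endpoints for the exposure described above (an added example, not code from the article or the Kromtech research): it classifies the reply to a `GET /` sent without credentials and flags the two versions the article names. The function names, result labels and sample bodies are constructed for this example.

```python
import json
import urllib.error
import urllib.request

# Versions the article associates with the free AWS tier.
ARTICLE_VERSIONS = {"1.5.2", "2.3.2"}

# Constructed sample bodies (not captured from any real server).
SAMPLE_OPEN = '{"name": "node-1", "version": {"number": "2.3.2"}, "tagline": "You Know, for Search"}'
SAMPLE_OTHER = "<html><body>It works</body></html>"


def _result(exposure, version=None):
    return {"exposure": exposure, "version": version,
            "article_version": version in ARTICLE_VERSIONS}


def classify(status, body):
    """Classify the reply to a GET / sent without credentials."""
    if status in (401, 403):
        return _result("auth-required")
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        doc = None
    version = doc.get("version") if isinstance(doc, dict) else None
    if status != 200 or not isinstance(version, dict) or "number" not in version:
        return _result("not-elasticsearch")
    return _result("open", str(version["number"]))


def check(url, timeout=5):
    """Query one endpoint from your own inventory and classify the reply."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            return classify(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:  # 4xx/5xx still carry a status
        return classify(err.code, err.read().decode("utf-8", "replace"))
    except OSError:  # refused, timed out, DNS failure (URLError is an OSError)
        return _result("unreachable")


if __name__ == "__main__":
    for status, body in [(200, SAMPLE_OPEN), (401, ""), (200, SAMPLE_OTHER)]:
        print(status, classify(status, body))
```

An "open" result means the node answered without any authentication, which is the condition the research counted; such a node should be moved behind network restrictions or an authenticating proxy.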
