FireEye has discovered how the point of sale systems of over 100 North American retail, restaurant and hospitality organizations were compromised. These compromises exposed payment card data to bad guys. In its report, "Threat Actor Leverages Windows Zero-day Exploit in Payment Card Data Attacks," FireEye describes in great detail how two zero-day exploits are used to steal the payment data. The first exploit allows the attacker to escalate the attacker's system privileges. The second exploit allows the bad guy to steal data out of the memory of Point of Sale (POS) systems.

In order for these new exploits to do anything, the exploits must first be installed on the targeted systems.  How can the bad guy do that?  You guessed it — spearphishing. In this attack, the bad guy needs the user to take the following actions:

  1. Open the email
  2. Open the attachment
  3. Enable the evil scripts in the attachment

All three of these steps are accomplished using spearphishing.

Spearphishing targets the minds of victims with deception.  You can disrupt that deception using SP Guard.