Canada hit by worldwide PoS infection

Retailers’ point-of-sale (PoS) systems seem to be one of the soft targets for cybercriminals looking to steal payment and credit card information from unsuspecting users.

A huge global botnet, discovered last week, affected some 1500 point-of-sale terminals, accounting systems and other retail platforms belonging to businesses in 36 countries, including Canada.

The huge botnet of infected systems was discovered by IntelCrawler, a cyber threat intelligence firm based in Los Angeles, California. IntelCrawler first detected the botnet, which it dubbed “Nemanja,” in March. It says the culprits may be Serbian.

As reported in Network World, the size of the botnet and the geographical spread of the incidents highlight the nature of the threats the retail sector faces, especially after a number of recent PoS breaches affected U.S. retailers.

“Past incidents showed high attention from modern cybercriminality to retailers and small business segments having Point-of-Sale terminals,” IntelCrawler said in its blog post about the botnet. “We predict an increasing number of new data breaches in both sectors in the next few years, as well as the appearance of new types of specific malicious code targeted at retailers’ backoffice systems and cash registers.”

Infected PoS terminals have become a key source of compromised credit cards for cybercriminals. Image: IntelCrawler

IntelCrawler identified 25 different PoS, grocery store management and accounting programs running on the affected systems. While the malware was able to collect credit card data, it also performed keylogging to gather credentials that could be used to access other systems with payment and personal data.

“The nature of POS-related crimes can be different from country to country, but it shows the insecurity of modern payment environments,” IntelCrawler says. “The bad actors combine several attack vectors in order to infect operators’ stations – ‘drive-by-download’ and remote administration channels hacking. Card associations should expect a trend of POS infections in developing countries in the near future, because of high significant lag in information security of retailers.”

Countries with high “social grades” and developed payment industries, including Canada, will also remain high on attackers’ lists, IntelCrawler says.

IntelCrawler says that PoS malware will be incorporated into malicious remote access tools (RATs) or other Trojan programs and will be used alongside other malware such as key loggers or network traffic sniffers.

PoS systems seem to be a major Achilles’ Heel as far as sensitive personal and payment data is concerned. Network World notes that a recent report from Trustwave found that one-third of the data breaches it investigated in 2013 in fact involved compromised PoS terminals.

However, a recent Verizon report based on a larger statistical sample concluded that only 14 per cent of data breaches involved PoS attacks.

Other countries affected by Nemanja include the U.S., France, Germany, Hong Kong, India, Turkey and Venezuela.

Andrew Brooks
Andrew Brooks is managing editor of IT World Canada. He has been a technology journalist and editor for 20 years, including stints at Technology in Government, Computing Canada and other publications.
