Last week, the Ransomware virus called WannaCry threatened to affect many computers all over the world, now the sector of financial services is facing worries of a new possible threat called 'Flokibot', which is malicious software (malware).
According to Indian Express, Flokibot malware can affect integrity of huge network of the PoS machines. The Indian Computer Emergency Response Team (CERT-In) flagged this issue in February, saying that Trojan virus can steal banking credentials as soon as the customers swapped its debit/credit cards from PoS terminals.
Banks added over 10 lakh Point-of-Sale machines during the 5 month period of November 2016 and March 2017, following the push towards digital payments by the government, as well as reduction of both the transaction cost and acquisition cost of the Point-of-Sale terminals. The number of PoS machines at the end of March 2016 was 13.82 lakh, which increased to 15.12 lakh by October 2016. At the end of March 2017, India recorded 27.73 lakh PoS terminals, the RBI data states.
The report further stated that malware Flokibot has already affect the Point of Sale mechanism in Brazil, together with few incidents found in various countries like Paraguay, Australia, US, and Argentina. CERT-In said that, "The malware is believed to be the modified version of Zeus malware with enhanced capabilities of infecting Point of Sale (PoS) devices/terminals targeting banking/financial information."
It also advised that merchants and organisations providing PoS services to review all system logs for any unexplained and strange activity and must install anti-malware engines and should update it to protect the systems from such attacks. It added that anti-malware engines should be installed and updated to protect the systems from such attacks.
Counter-measures are also suggested by Computer Response Team (CRT) for safeguarding the PoS infrastructure from a likely attack. Moreover, the experts have further recommended that for preventing the cyberattacks, key financial as well as infrastructure systems must get regularly updated.