RE: “KUHOOK” POINT OF SALE MALWARE
Please read the Visa Security Alert linked here: Visa Security Alert 12 2015
Visa has observed criminal malware, known as “Kuhook”, designed to steal card holder payment data from point of sale (POS) systems still running the Microsoft Windows XP operating system. Microsoft retired Windows XP Professional in April 2014 and will soon retire Windows XP Embedded in January 2016.
Kuhook is some of the most sophisticated and difficult to detect payment card stealing malware Visa has ever seen.
Credit Card Compliance Data Security Standards section 6.2 requires that critical systems be patched and updated to protect against known vulnerabilities. Because this is not possible with a retired Microsoft operating system such as Windows XP, hackers are taking full advantage and targeting businesses that continue to run these obsolete operating systems.
Here is a link to the PCI Data Security Standards: PCI Data Security Standards 3.0
It’s not worth the risk to roll the dice and hope for the best. Data breaches continue to be on the rise and are detrimental to businesses that have been identified as a “Common Point of Purchase” of stolen card holder data.
It’s best to comply with the PCI Data Security Standards with regard to keeping critical systems updated. If your business is in a payment environment processing sensitive card holder data and is running a back office computer or touch screen terminal with a retired operating system that cannot be patched or updated to protect against known vulnerabilities, your business is not only failing to meet PCI Data Security Requirements, but is also at serious risk. Please contact your POS provider as soon as possible and plan a strategy for a successful upgrade path.
Q: How do I know my business is at risk?
A: If your business is processing credit cards by swiping cards and/or typing in card numbers on a touch screen computer or back office computer running the Microsoft Windows XP Professional (or older) operating system after April 2014.
A: If your business is processing credit cards by swiping cards and/or typing in card numbers on a touch screen computer or back office computer running the Microsoft Windows XP Embedded (or older) operating system after January 12th, 2016.
Please contact your POS provider if you are uncertain which operating systems your payment applications are running on.