The method used to infect these systems has not been determined yet, but given that many of them run Windows Server and are most likely not used for Web browsing, Raff believes that the attackers probably compromised other computers on the same networks first and then infected the PoS systems.
When Seculert's researchers found the Dexter sample, some antivirus programs already detected it as malicious, Raff said. The company has since shared it with other vendors in the security industry, he said.
There seems to be a growing trend of cybercriminals infecting PoS systems with malware. Two weeks ago, Romanian authorities arrested 16 suspected members of a cybercrime ring that installed malware designed to steal transaction data on PoS systems belonging to foreign companies operating gas stations and grocery stores.
According to the authorities, the stolen data was either sold on underground websites or was used to create counterfeit payment cards. It's estimated that the criminal operation resulted in fraudulent transactions totaling over $25 million being performed with 500,000 payment cards.
It was later revealed that the companies targeted by the Romanian gang were mainly from Australia, so the gang behind the Dexter malware is probably a different one. However, Raff agreed that the methods of operation are very similar.
Raff said that if the targeted companies had encrypted the data directly on the hardware PoS terminals before sending it out to their payment processing providers, a method commonly known as end-to-end encryption, attacks like the ones based on the Dexter malware could have been prevented.
However, the adoption of end-to-end encryption technology for card-present transactions is currently low, because it often requires the replacement of all PoS devices with newer models capable of encrypting the data.