Hardly a month passes without news of a new POS (point-of-sale) malware or credit card data breach. By nature, the details of this kind of breach cannot be made public (banks, ongoing investigations, reputation, …). But what do we really know about POS malware? Can we sort malware into groups related to groups of cyber criminals? As we already do for standard malware, we need a honeypot for POS, so that we can publicly share the TTP (techniques, tactics, and procedures) of POS cyber criminals.
The goal of this presentation is to explain how to build a POS honeypot with open source tools or custom scripts, and to show the results of running the honeypot for 3 months (samples, TTP, groups, …).