New Intelligence Reveals that Alina Point-of-Sale Malware is Still Lurking in DNS
Thursday, July 9, 2020

CenturyLink's Black Lotus Labs warns organizations of credit card theft

DENVER, July 1, 2020 /PRNewswire/ -- Point-of-Sale (POS) malware is nothing new, and the Alina malware - which cyber criminals use to scrape credit card numbers from POS systems - has been around for many years. New intelligence from CenturyLink's Black Lotus Labs, however, revealed that criminals are not yet done with Alina, and they continue to find new ways to use it to steal unsuspecting victims' credit- and debit-card data.

The theft was discovered after one of Black Lotus Labs' machine-learning models flagged unusual queries to a specific domain in April 2020. Rigorous research determined that the Alina POS malware was utilizing Domain Name System (DNS) - the function that converts a website name into an IP address - as the outbound communication channel through which the stolen data was exfiltrated.

"Black Lotus Labs is releasing this intelligence in support of our mission to leverage our global network visibility to protect our customers and keep the internet clean," said Mike Benjamin, head of Black Lotus Labs. "We will continue to monitor this situation as we work to eliminate the threat. We strongly recommend that all organizations monitor DNS traffic for suspicious queries to prevent this and other threats."

The Bottom Line:

POS malware continues to pose a serious security threat, and DNS is a popular choice for malware authors to bypass security controls and exfiltrate data from protected networks. Malicious actors regularly update their Tactics, Techniques and Procedures (TTPs) to evade detection, so the best defense is continuous monitoring for anomalous behavior.

Details Of Black Lotus Labs' Findings Can Be Found in the Alina POS Malware Blog:

How and Why DNS is Important:

Credit card processing systems typically run in Windows environments, allowing them to be targeted by the existing skills of the crimeware markets. Although credit card processing occurs in highly restricted environments, DNS often goes unmonitored, which makes it an attractive choice for the exfiltration of credit card information.

To do this, malware authors encode the stolen information and issue a DNS query to the actor-controlled domain name. The encoded data is placed in a subdomain, which the malicious actors then extract when they receive the DNS query. The stolen data is subsequently sold in underground criminal markets.
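The two paragraphs above describe the pattern a defender needs to look for: a long, encoded-looking subdomain queried against an attacker-controlled domain, repeated many times from one host, and the press release's own recommendation is to monitor DNS traffic for exactly such queries. The script below is an added example (not code from CenturyLink, Black Lotus Labs or the Alina research) of a simple detector run over constructed DNS query log lines. All IP addresses, host names and domains in the sample are placeholders; the 24-character payload threshold, the hex/base32 alphabet check, the "last two labels are the registered domain" rule and the three-unique-payload alert threshold are illustrative assumptions, not values from the research.

```python
import math
import re
from collections import defaultdict

# Constructed sample of DNS query log lines ("<client-ip> <query-name>").
# Every IP, host name and domain here is a placeholder for illustration,
# not infrastructure from the Black Lotus Labs research.
SAMPLE_DNS_LOG = """\
10.0.5.21 www.example-vendor.com
10.0.5.21 update.example-vendor.com
10.0.5.21 content-delivery-network-node-01.example-vendor.com
10.0.5.33 4a1b9c0d2e3f4a5b6c7d8e9f0a1b2c3d.bad-domain.example
10.0.5.33 9f8e7d6c5b4a3f2e1d0c9b8a7f6e5d4c.bad-domain.example
10.0.5.33 0102030405060708090a0b0c0d0e0f10.bad-domain.example
10.0.5.33 deadbeefcafef00d.1234567890abcdef.bad-domain.example
10.0.5.21 mail.example-corp.net
"""

# Alphabets commonly used to encode binary data into DNS-safe labels.
HEX_RE = re.compile(r"^[0-9a-f]+$")
BASE32_RE = re.compile(r"^[a-z2-7]+$")


def shannon_entropy(s: str) -> float:
    """Bits of entropy per character of s (0.0 for an empty string)."""
    if not s:
        return 0.0
    n = len(s)
    counts = defaultdict(int)
    for ch in s:
        counts[ch] += 1
    return -sum((c / n) * math.log2(c / n) for c in counts.values())


def split_query(qname: str):
    """Return (payload, domain). The payload is every label left of the last
    two, joined without dots, because encoded data may be spread over several
    labels. Treating the last two labels as the registered domain is a
    simplifying assumption (no public-suffix list is consulted)."""
    labels = qname.rstrip(".").lower().split(".")
    if len(labels) < 3:
        return "", ".".join(labels)
    return "".join(labels[:-2]), ".".join(labels[-2:])


def looks_encoded(payload: str, min_len: int = 24) -> bool:
    """Heuristic (assumed threshold): a long payload drawn entirely from a
    hex or base32 alphabet. Ordinary host names with hyphens or mixed
    vocabulary do not match."""
    if len(payload) < min_len:
        return False
    return HEX_RE.match(payload) is not None or BASE32_RE.match(payload) is not None


def detect_dns_exfil(log_text: str, min_unique: int = 3):
    """Group encoded-looking payloads by (client, domain) and raise an alert
    when one client has sent at least min_unique distinct payloads to the
    same domain. Entropy is reported as supporting evidence rather than used
    as a gate, because structured data (e.g. hex of mostly digits) can have
    fairly low entropy and would otherwise be missed."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 2:
            continue  # skip malformed lines
        client, qname = parts
        payload, domain = split_query(qname)
        if looks_encoded(payload):
            seen[(client, domain)].add(payload)

    alerts = []
    for (client, domain), payloads in sorted(seen.items()):
        if len(payloads) >= min_unique:
            mean_entropy = sum(shannon_entropy(p) for p in payloads) / len(payloads)
            alerts.append({
                "client": client,
                "domain": domain,
                "unique_payloads": len(payloads),
                "payload_chars": sum(len(p) for p in payloads),
                "mean_entropy": round(mean_entropy, 2),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_dns_exfil(SAMPLE_DNS_LOG):
        print(alert)
```

On the constructed sample this raises a single alert for client 10.0.5.33 against bad-domain.example (four distinct encoded payloads, 128 payload characters), while the long but hyphenated CDN host name on 10.0.5.21 is not flagged. In production the same grouping would be run over resolver or passive-DNS logs with thresholds tuned to the environment's baseline, and a new domain suddenly receiving many unique long subdomains from one POS host is the anomaly worth triaging.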

Key Research Findings:

    --  This POS malware uses DNS to evade detection and bypass security
        controls.
    --  Four domains showed similar DNS queries. A suspicious looking fifth
        domain was unused, but it was hosted on the same IP. Actors often
        register multiple domains to provide redundancy if one or more of the
        malicious domains is blocked.
    --  Black Lotus Labs was able to identify Alina's encoding methodology and
        confirm exfiltration of the stolen data.

Additional Resources:

    --  Learn more about Black Lotus Labs:
    --  Read more about DNS threats in the CenturyLink 2019 Threat Research
    --  Read our blog on Ismdoor malware and the use of DNS tunneling:

About CenturyLink:

CenturyLink (NYSE: CTL) is a technology leader delivering hybrid networking, cloud connectivity, and security solutions to customers around the world. Through its extensive global fiber network, CenturyLink provides secure and reliable services to meet the growing digital demands of businesses and consumers. CenturyLink strives to be the trusted connection to the networked world and is focused on delivering technology that enhances the customer experience. Learn more at

SOURCE CenturyLink Inc.
