POS software and the underlying operating system should be kept up to date just like any other device. When possible, Binary Defense highly recommends using an Endpoint Detection and Response (EDR) solution side-by-side with traditional anti-virus products. Most malware that targets POS systems uses techniques such as injecting into other process memory, writing collected data to external files, and unusual patterns of network communication from POS devices. Threat actors who deploy POS malware typically use system automation techniques such as PsExec, PaExec, PowerShell remoting and Visual Basic scripts to deploy the malware to POS systems across a fleet and collect the data produced by the malware. Watching for unusual behavior by administrator accounts logging in to many POS devices through automation scripts is a good threat hunting technique to uncover malicious activity. Another common technique used by threat actors is to set up custom network proxies (using netsh portproxy, ssh port forwarding or other software) on compromised internal systems such as domain controllers, to allow otherwise isolated POS systems to send data out to the Internet via the proxy. Using an EDR solution or an MDR (managed detection and response) can help spot threats before they spread too far. Analysts at the Binary Defense Security Operations Center detect threats on our clients’ workstations and servers 24-hours a day and respond quickly to contain infections, preventing minor incidents from becoming a source of major damage across the company.

Source: https://www.welivesecurity.com/2020/11/12/hungry-data-modpipe-backdoor-hits-pos-software-hospitality-sector/