{"id":664,"date":"2018-03-13T18:29:00","date_gmt":"2018-03-13T18:29:00","guid":{"rendered":"https:\/\/live-infoblox-blog.pantheonsite.io\/?p=664"},"modified":"2020-12-16T17:53:25","modified_gmt":"2020-12-17T01:53:25","slug":"how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns","status":"publish","type":"post","link":"https:\/\/www.infoblox.com\/blog\/security\/how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns\/","title":{"rendered":"How to Stop UDPoS Malware from Stealing Your PoS Data Using DNS Tunneling"},"content":{"rendered":"<h2 id=\"toc-hId--1333280211\">PoS Systems Are Hackers&#8217; Favorite<\/h2>\n<p>Point of Sales (PoS) systems have been one of the favorite targets of hackers for a number of reasons: the high value of the data being processed, the ease of access to the data and the commonly available network connectivity to send data out. Like many other systems, PoS was probably first designed at a time when there were fewer security incidents and when goals such as more functionality, ease of use and lower cost had higher priority.<\/p>\n<p>Credit card or debit card numbers in the PoS systems are what hackers usually go after. In the underground market, these numbers can sell for anywhere from a few dollars to more than $100 apiece. The stolen numbers are then used to create counterfeit cards or to directly purchase goods from online stores. Hackers can make a profit if they find a way to harvest those credit card numbers at scale.<br \/>\nWe&#8217;ve seen plenty of PoS hacking activities in the past, especially in the retail and restaurant industries. Notable examples of such activities among retailers include the Target data breach in 2013 and the Home Depot data breach in 2014. In both cases, the retailers had to spend millions of dollars on an internal investigation, on settling with the banks and on settling with impacted customers.
Restaurant examples include the data breaches at P.F. Chang&#8217;s in 2014 and at Wendy&#8217;s in 2015, though they made fewer headlines because of the smaller scale of the breaches.<\/p>\n<p>Often the hacker\u2019s campaign includes the following common steps: planting malware inside a victim\u2019s network, collecting the card data from Point of Sales terminals\/servers, and then sending that data out to a server controlled by hackers. For the first step, hackers can use common malware infection methods such as remote or direct access; for the second step, their techniques include RAM scrapers, network sniffers, and database theft, among others.<br \/>\nOnce the hackers successfully collect the card data, it is critical for them to send the data out. Example methods include carrying the data out on a USB disk if they have physical access to the PoS, sending it out by email, or sending it to FTP\/HTTP servers. They can also send the data out using DNS with a method called DNS tunneling, where sensitive data can be transported using the subdomain portions of a DNS query.<\/p>\n<h2 id=\"toc-hId--445776530\">New PoS Malware that Uses DNS Tunneling<\/h2>\n<p>Off-the-shelf, ready-to-use DNS tunneling software such as Iodine and DNSCat is already available. Recently, security researchers found a new family of PoS malware called &#8220;UDPoS&#8221; that uses DNS tunneling to pass credit card data to ns[.]service-logmeln[.]network.\u00a0 (For a more detailed description, see\u00a0<a href=\"https:\/\/blogs.forcepoint.com\/security-labs\/udpos-exfiltrating-credit-card-data-dns\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">https:\/\/blogs.forcepoint.com\/security-labs\/udpos-exfiltrating-credit-card-data-dns<\/a>).<\/p>\n<p>Based on the sample data, it is clear that the data was encrypted and there was no signature in the data itself. 
Thus, any signature-based method, a common tactic to detect DNS tunnels, would fail to detect such data exfiltration. Enterprises cannot simply block the DNS protocol or port because DNS is a critical network infrastructure service. While blocking ns[.]service-logmeln[.]network would work for the sample data, hackers can simply change the domain name of their servers or even use advanced techniques such as DGA (Domain Generation Algorithm) to hide their server behind thousands of fake domain names, making blacklist-based blocking mechanisms ineffective.<\/p>\n<h2 id=\"toc-hId-441727151\">Stopping PoS Attacks and DNS Tunneling<\/h2>\n<p>Fortunately, there is a method to detect such malicious activity\u2014behavior-based anomaly detection in DNS. Even though the queries used by UDPoS are legitimate DNS queries, they behave quite differently than normal DNS queries in that they have very different lexical features. For example, the following is one of the queries this malware generates: e8cdf1ce69ec8ac.bin.92753b5792ad47766fc0a6dc225d18[.]a0c4fce0ec0dc142692045ff94b8a9[.]d4641f118d09d2778136de79d6bebb[.]a1cad77d94396dd5550a344ddec895[.]ns[.]service-logmeln[.]network (<strong>credit: our colleagues at Forcepoint<\/strong>)<\/p>\n<p>Infoblox&#8217;s product line\u00a0<a href=\"https:\/\/www.infoblox.com\/products\/threat-insight\/?utm_source=blox-community&amp;utm_campaign=community-q2&amp;utm_medium=blox-community\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">Threat Insight<\/a>\u00a0was built to detect such malicious activities in DNS traffic. Not only is it trained with trillions of real DNS queries, it is also directly integrated with Infoblox\u00a0<a href=\"https:\/\/www.infoblox.com\/products\/ddi\/?utm_source=blox-community&amp;utm_campaign=community-q2&amp;utm_medium=blox-community\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">DNS<\/a>\u00a0products. 
Running on-premises or in the cloud, Threat Insight can detect\u00a0<a class=\" bf_ungated_init\" href=\"https:\/\/www.infoblox.com\/wp-content\/uploads\/infoblox-solution-note-preventing-dns-based-data-exfiltration.pdf?utm_source=blox-community&amp;utm_campaign=community-q2&amp;utm_medium=blox-community\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">data exfiltration<\/a>\u00a0over DNS tunneling as used by UDPoS. Infoblox Threat Insight can be deployed off-the-shelf without any special product configuration due to its artificial intelligence and machine learning algorithms. In a test case involving UDPoS on a network equipped with Threat Insight, Threat Insight detected the UDPoS activity as malicious after 7 to 44 queries (in different query configurations). Infoblox\u2019s DNS firewall can then block all future UDPoS communications based on the detections. This makes hackers&#8217; lives miserable as their attempts would fail before significant amounts of data are exfiltrated. In addition, cloud-based Threat Insight can also detect DGA, Fast Flux (another blacklist-evading technique). For details of DNSMessenger, see\u00a0<a href=\"http:\/\/blog.talosintelligence.com\/2017\/03\/dnsmessenger.html\" target=\"_blank\" rel=\"nofollow noopener noreferrer\">http:\/\/blog.talosintelligence.com\/2017\/03\/dnsmessenger.html<\/a>.<\/p>\n<p>Infoblox offers a suite of security products including signature-based Advanced DNS Protection, advanced Threat Intelligence, and Threat Insight, as part of the ActiveTrust\u00ae and ActiveTrust\u00ae Cloud\u00a0solutions. 
Together, these security products monitor DNS traffic at different checkpoints and disrupt malware communications.\u00a0 For more information, please visit\u00a0<a href=\"http:\/\/infoblox.com\/\" target=\"_self\" rel=\"nofollow noopener noreferrer\">infoblox.com<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>POS Systems are Hackers Favorite Point of Sales (PoS) systems have been one of the favorite targets of hackers for a number of reasons: the high value of the data being processed, the ease of access to the data and the commonly available network connectivity to send data out. Like many other systems, PoS probably [&hellip;]<\/p>\n","protected":false},"author":249,"featured_media":666,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[2],"tags":[32,15,36,390,393,392],"class_list":{"0":"post-664","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-security","8":"tag-malware","9":"tag-security","10":"tag-threats","11":"tag-retail","12":"tag-consumer","13":"tag-retail-consumer-goods","14":"entry"},"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO Premium plugin v27.3 (Yoast SEO v27.3) - https:\/\/yoast.com\/product\/yoast-seo-premium-wordpress\/ -->\n<title>How to Stop UDPoS Malware from Stealing Your PoS Data Using DNS Tunneling<\/title>\n<meta name=\"description\" content=\"Point of Sales (PoS) systems have been one of the favorite targets of hackers for a number of reasons: the high value of the data being processed, the ease of access to the data and the commonly available network connectivity to send data out.\" 
\/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.infoblox.com\/blog\/security\/how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Stop UDPoS Malware from Stealing Your PoS Data Using DNS Tunneling\" \/>\n<meta property=\"og:description\" content=\"Point of Sales (PoS) systems have been one of the favorite targets of hackers for a number of reasons: the high value of the data being processed, the ease of access to the data and the commonly available network connectivity to send data out.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.infoblox.com\/blog\/security\/how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns\/\" \/>\n<meta property=\"og:site_name\" content=\"Infoblox Blog\" \/>\n<meta property=\"article:published_time\" content=\"2018-03-13T18:29:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-12-17T01:53:25+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/security-banner-2.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"660\" \/>\n\t<meta property=\"og:image:height\" content=\"454\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Philip Quian\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Philip Quian\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. 
reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns\\\/\"},\"author\":{\"name\":\"Philip Quian\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/6a924a7ce4c0b4614b9b69fdeaea7cab\"},\"headline\":\"How to Stop UDPoS Malware from Stealing Your PoS Data Using DNS Tunneling\",\"datePublished\":\"2018-03-13T18:29:00+00:00\",\"dateModified\":\"2020-12-17T01:53:25+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns\\\/\"},\"wordCount\":877,\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/security-banner-2.jpg\",\"keywords\":[\"Malware\",\"Security\",\"Threats\",\"retail\",\"consumer\",\"retail &amp; consumer goods\"],\"articleSection\":[\"Security\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns\\\/\",\"name\":\"How to Stop UDPoS Malware from Stealing Your PoS Data Using DNS 
Tunneling\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/security-banner-2.jpg\",\"datePublished\":\"2018-03-13T18:29:00+00:00\",\"dateModified\":\"2020-12-17T01:53:25+00:00\",\"description\":\"Point of Sales (PoS) systems have been one of the favorite targets of hackers for a number of reasons: the high value of the data being processed, the ease of access to the data and the commonly available network connectivity to send data out.\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns\\\/#primaryimage\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/security-banner-2.jpg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/security-banner-2.jpg\",\"width\":660,\"height\":454,\"caption\":\"digital abstract background with 
skull\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/security\\\/how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Security\",\"item\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/category\\\/security\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"How to Stop UDPoS Malware from Stealing Your PoS Data Using DNS Tunneling\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#website\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"name\":\"infoblox.com\\\/blog\\\/\",\"description\":\"\",\"publisher\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#organization\",\"name\":\"Infoblox\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"contentUrl\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/wp-content\\\/uploads\\\/infoblox-logo-2.svg\",\"width\":137,\"height\":30,\"caption\":\"Infoblox\"},\"image\":{\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/logo\\\/image\\\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/#\\\/schema\\\/person\\\/6a924a7ce4c0b4614b9b69fdeae
a7cab\",\"name\":\"Philip Quian\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/wp-content\\\/uploads\\\/avatar_user_249_1571768621-96x96.jpg\",\"url\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/wp-content\\\/uploads\\\/avatar_user_249_1571768621-96x96.jpg\",\"contentUrl\":\"https:\\\/\\\/live-infoblox-blog.pantheonsite.io\\\/wp-content\\\/uploads\\\/avatar_user_249_1571768621-96x96.jpg\",\"caption\":\"Philip Quian\"},\"description\":\"Philip Qian is currently a senior product manager in security at Infoblox, Inc. where he manages analytics-based threat detection products. He has more than 15 years of experience in the network security industry, having worked at McAfee and HP ArcSight. He earned a Master of Science degree in Computer Science from University of North Carolina at Chapel Hill.\",\"url\":\"https:\\\/\\\/www.infoblox.com\\\/blog\\\/author\\\/philip-quian\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. 
-->","yoast_head_json":{"title":"How to Stop UDPoS Malware from Stealing Your PoS Data Using DNS Tunneling","description":"Point of Sales (PoS) systems have been one of the favorite targets of hackers for a number of reasons: the high value of the data being processed, the ease of access to the data and the commonly available network connectivity to send data out.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.infoblox.com\/blog\/security\/how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns\/","og_locale":"en_US","og_type":"article","og_title":"How to Stop UDPoS Malware from Stealing Your PoS Data Using DNS Tunneling","og_description":"Point of Sales (PoS) systems have been one of the favorite targets of hackers for a number of reasons: the high value of the data being processed, the ease of access to the data and the commonly available network connectivity to send data out.","og_url":"https:\/\/www.infoblox.com\/blog\/security\/how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns\/","og_site_name":"Infoblox Blog","article_published_time":"2018-03-13T18:29:00+00:00","article_modified_time":"2020-12-17T01:53:25+00:00","og_image":[{"width":660,"height":454,"url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/security-banner-2.jpg","type":"image\/jpeg"}],"author":"Philip Quian","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Philip Quian","Est. 
reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.infoblox.com\/blog\/security\/how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns\/#article","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns\/"},"author":{"name":"Philip Quian","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/6a924a7ce4c0b4614b9b69fdeaea7cab"},"headline":"How to Stop UDPoS Malware from Stealing Your PoS Data Using DNS Tunneling","datePublished":"2018-03-13T18:29:00+00:00","dateModified":"2020-12-17T01:53:25+00:00","mainEntityOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns\/"},"wordCount":877,"publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/security-banner-2.jpg","keywords":["Malware","Security","Threats","retail","consumer","retail &amp; consumer goods"],"articleSection":["Security"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.infoblox.com\/blog\/security\/how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns\/","url":"https:\/\/www.infoblox.com\/blog\/security\/how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns\/","name":"How to Stop UDPoS Malware from Stealing Your PoS Data Using DNS 
Tunneling","isPartOf":{"@id":"https:\/\/www.infoblox.com\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns\/#primaryimage"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns\/#primaryimage"},"thumbnailUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/security-banner-2.jpg","datePublished":"2018-03-13T18:29:00+00:00","dateModified":"2020-12-17T01:53:25+00:00","description":"Point of Sales (PoS) systems have been one of the favorite targets of hackers for a number of reasons: the high value of the data being processed, the ease of access to the data and the commonly available network connectivity to send data out.","breadcrumb":{"@id":"https:\/\/www.infoblox.com\/blog\/security\/how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.infoblox.com\/blog\/security\/how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/security\/how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns\/#primaryimage","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/security-banner-2.jpg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/security-banner-2.jpg","width":660,"height":454,"caption":"digital abstract background with skull"},{"@type":"BreadcrumbList","@id":"https:\/\/www.infoblox.com\/blog\/security\/how-to-stop-udpos-malware-from-stealing-your-pos-data-using-dns\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.infoblox.com\/blog\/"},{"@type":"ListItem","position":2,"name":"Security","item":"https:\/\/www.infoblox.com\/blog\/category\/security\/"},{"@type":"ListItem","position":3,"name":"How 
to Stop UDPoS Malware from Stealing Your PoS Data Using DNS Tunneling"}]},{"@type":"WebSite","@id":"https:\/\/www.infoblox.com\/blog\/#website","url":"https:\/\/www.infoblox.com\/blog\/","name":"infoblox.com\/blog\/","description":"","publisher":{"@id":"https:\/\/www.infoblox.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.infoblox.com\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.infoblox.com\/blog\/#organization","name":"Infoblox","url":"https:\/\/www.infoblox.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","contentUrl":"https:\/\/www.infoblox.com\/blog\/wp-content\/uploads\/infoblox-logo-2.svg","width":137,"height":30,"caption":"Infoblox"},"image":{"@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.infoblox.com\/blog\/#\/schema\/person\/6a924a7ce4c0b4614b9b69fdeaea7cab","name":"Philip Quian","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/avatar_user_249_1571768621-96x96.jpg","url":"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/avatar_user_249_1571768621-96x96.jpg","contentUrl":"https:\/\/live-infoblox-blog.pantheonsite.io\/wp-content\/uploads\/avatar_user_249_1571768621-96x96.jpg","caption":"Philip Quian"},"description":"Philip Qian is currently a senior product manager in security at Infoblox, Inc. where he manages analytics-based threat detection products. He has more than 15 years of experience in the network security industry, having worked at McAfee and HP ArcSight. 
He earned a Master of Science degree in Computer Science from University of North Carolina at Chapel Hill.","url":"https:\/\/www.infoblox.com\/blog\/author\/philip-quian\/"}]}},"_links":{"self":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/664","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/users\/249"}],"replies":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/comments?post=664"}],"version-history":[{"count":1,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/664\/revisions"}],"predecessor-version":[{"id":665,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/posts\/664\/revisions\/665"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media\/666"}],"wp:attachment":[{"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/media?parent=664"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/categories?post=664"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.infoblox.com\/blog\/wp-json\/wp\/v2\/tags?post=664"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}