POS Malware Steals £600M: UK Businesses Under Cyber Attack
10 Mar
Summary
- Over £600 million stolen via payment fraud in early 2025.
- POS systems are prime targets for cybercriminals attacking SMEs.
- RAM scrapers and keyloggers are among common POS malware types.

In the first half of 2025, UK businesses experienced a significant increase in payment-related fraud, with cybercriminals successfully stealing £600 million. This represents a three percent rise compared to the same period in the previous year. Point-of-sale (POS) systems have become a primary target for attacks, especially against small to mid-sized enterprises.
POS malware is malicious software designed to steal customer payment data from these systems. Attackers use several methods to compromise them, including exploiting software vulnerabilities, physical installation via infected media, brute-force attacks, and the use of compromised credentials. Insider threats also pose a risk, with staff potentially facilitating data theft.
Several types of POS malware exist, each with distinct methods. RAM scrapers capture unencrypted data from memory, while network sniffers intercept network traffic. Keyloggers record keystrokes, and file injectors embed malicious code into legitimate system files. Backdoors create hidden access points for persistent threats.
Reducing the risk of POS malware requires a comprehensive security strategy. This involves a combination of technological solutions, streamlined processes, and thorough staff training. For UK SMEs, the consequences of such attacks extend beyond financial loss to include damaged customer trust and regulatory penalties.




