Tag: Point of Sale (POS) Malware

Prepare for Trends in Website Malware Growth

As we approach the first anniversary of the massive Target data breach that opened the floodgates for thousands of other attacks, we look at whether security measures are better or worse than last year. Are we better prepared to defend against the malware that took out Target, Home Depot and thousands of smaller firms, or is the malware used in these attacks simply outrunning us?

The news is not encouraging. PandaLabs, the research arm of security firm Panda, has been tracking new malware for years. According to the company, more than 50 million new strains of malware have emerged since the Target attack, and 20 million of those strains were detected in the third quarter of this year alone. Using those numbers, that works out to a stunning 227,000 new strains of malware being introduced to the world every single day for just the last twelve weeks.

The vast majority of new malware strains and infections, more than 75% of them, were Trojans. This malware is not having much trouble finding computers and servers to infect. According to Panda, more than a third of personal computers worldwide are now infected with malware.

These statistics are even more important as we approach the busy holiday season. With more people online, surfing, searching and shopping, the spread of malware will only increase, and much of this could be Point of Sale malware.

Close cousins of the malware that was used in the massive data breaches at Home Depot and Target are now on the march. The Backoff malware, which is widely regarded as undetectable by antivirus software, increased by nearly 30% in September alone according to security firm Damballa.

Businesses are not the only targets. Researchers recently found advanced malware known as Black Energy that has been compromising industrial control systems around the world, undetected, possibly for years. As with many of the most sophisticated attacks, they have often started with a phishing email to an unsuspecting or untrained employee.

Much of this malware lies in wait for its victims. The recently discovered Dark Hotel malware has been infecting hotel Wi-Fi networks around the world. The malware lies in wait for visiting guests to use the network, then tricks them into downloading malware that includes a keylogger and other data stealing components. While all guests are vulnerable, the prime targets are traveling executives who may provide access to sensitive corporate information and networks.

So what can you do to minimize the risk? The answer is in the question. With so much malware now able to evade antivirus software, it’s time to start assuming that risk mitigation is a better and more realistic option than absolute prevention

Your best defense is a “shield’s up” approach. Identify the most common ways malware can enter your business, whether it’s through an unprotected website or a careless employee, and patch the holes in the fence.

If you’re going to assume that you can’t keep all malware out, you can still do many things to reduce the potential damage. User privilege management is one of the best defenses. If you strictly limit the access privileges of your users to just the things they absolutely need access to, you can prevent malware from jumping from the lowest level of access to the highest.

As we approach the first anniversary of the Target breach, it’s worth remembering how the attack started. Target granted almost unlimited access to a lower level employee of a small, outside, service company. Once the hackers had the user’s password, they had undetected access to Target information for months. Make sure that you’re doing everything you can to prevent these types of attacks. Don’t become the next headline. To get started on the path to a secure website, contact SiteLock for a free website security analysis.

PCI compliance

Protecting Your Business From A Data Breach

It’s been a good time for malware and its authors, but a very bad time for businesses and especially those that have suffered a data breach. A variety of point of sale (PoS) malware has run rampant through thousands of business and retailers in just the last few months, creating a massive haul of stolen credentials for hackers worldwide. And making consumers a very nervous bunch.

The Home Depot Data Breach

The latest victim is Home Depot, which only just announced that it had lost at least 56 million customer credit and debit cards to hackers who used a variant of PoS malware that’s growing in popularity amongst criminals — because it apparently works very well.

Read More

PCI compliance

PCI Compliance: A Piece of Website Security

If you think for some crazy reason your business is too small, too obscure, or simply just too uninteresting to be of any value to a busy hacker, be prepared for a rude awakening. The one thing the all of the recent major data breaches had in common is that all the businesses involved were probably PCI compliant. And it was still no guarantee.

There has been a seemingly endless parade of massive data breaches in just the last few weeks, including UPS, Dairy Queen, Community Health, Apple’s iCloud, the 1,000 businesses the FBI said were just hacked, and, oh yes, the suspicion that Home Depot just suffered a data breach even bigger than Target’s.

Read More

POS Malware

Big Brands Defenseless Against POS Malware

2014 could go down as one of the most significant years in the world of cybersecurity, and malware in particular. It wasn’t just the small window that revealed data breaches at Target, Neiman Marcus, Michaels Craft Stores and potentially dozens of other retailers. Nor was it the fact that this explosion in data breaches could all be the work of a seventeen-year-old.

Read More

POS Malware Hits Target in Data Breach

Data breachIt’s been less than a month since mega retailer Target announced that a little more than 40 million customer debit and credit cards had been stolen by hackers. Not long after that, we saw the first of those cards being sold a few hundred thousand at a time, in a variety of underground hacker forums. Although not that underground, since I was able to register on the most notorious hacker sites and see for myself how easy it was to buy an identity.

Read More

Powered by WordPress & Theme by Anders Norén