Q3 POS Malware Spikes as Retailers Succumb

Point-of-sale (POS) malware rocketed in the third quarter, with Backoff infections spiking over 50% from August to September, as big name retailers were caught out time and again, according to Damballa.

The APT security firm’s Q3 State of Infections report found that Backoff infections grew by 57% during August and another 27% during September. In fact, the US-CERT estimates the POS malware to have infected over 1,000 retailers already in the US.

Part of the problem is that many POS systems are set up on local networks where traffic isn’t inspected as rigorously as that flowing through regular corporate networks. This means attackers can gain access and remain hidden more easily and for longer periods, the report claimed.

Another issue is the distributed nature of retailers’ store networks.

“Commonly, remote locations use local last-mile internet connections, which are less costly but also provide limited security,” it warned.

Damballa CTO, Brian Foster, argued that these problems are compounded by the fact that many firms build their security programs solely with the goal of complying with regulations like PCI, which set the bar too low.

“It’s a minimal approach. It doesn’t come close to addressing issues like third-party network access or POS devices, which often aren’t connected to the corporate network and therefore are at greater risk,” he told Infosecurity by email.

“It’s not necessarily about spending more money, it’s about allocating dollars to prevent, detect and respond to breaches. The majority of dollars today still go toward prevention, which leaves huge gaps in a security program because criminals have learned to outsmart those systems.”

Organizations today need to stop focusing on preventing malware getting in and instead operate from the assumption that they’re in a “continuous state of compromise,” he added.

Then it’s about being able to zero in on the genuine infections and filter out the noise.

Damballa saw up to 138,000 daily “events” associated with potential malicious activity on any given enterprise network, but found that its customers averaged just 37 infected devices daily in Q3 - still up 32% from Q2.

On a more positive note, the firm reported a 40% reduction in daily infections among those customers who proactively remediated their assets according to the risk each posed.