Malware And The Opportunistic Holiday Season Bonanza

‘Tis The Season To Be Careful

Malware Vulnerabilities

Earlier this year, Menlo Security published a report suggesting that one-third of the top million global websites were vulnerable to malware, and one in five sites were running software with known vulnerabilities. 5% of the sites measured were identified as serving spam or malware or were part of a botnet. With a billion websites already running, and an additional 100,000 coming online daily, 2014 saw over $70 billion spent on cyber security tools. Malware, however, continues to be a dominant threat.

Black Friday

Shoppers are being warned of a new Malware threat, ModPOS, discovered by ISight Partners, enabling point-of-sale malware code to collect credit card details as customers scan their cards.

And with news of the data breach at Hilton Worldwide spreading, analysts are expecting an increase in POS attacks against retailers, just as Black Friday launched the shopping season. Mark Bower, global product management director for HPE Security, says, “Point of sale systems – what consumers often call the checkout system – are often the weak link in the chain. A checkout terminal in constant use is usually less frequently patched and updated, and is thus vulnerable to all manner of malware compromising the system to gain access to cardholder data.” With this holiday shopping season being the first after the EMV liability shift has taken effect, merchant or card issuers who haven’t implemented EMV Chip-and-PIN technology will be held accountable.

Cyber Threat Monday

In Singapore, mobile banking clients have been warned of malware risks on Android phones that attempt to hijack online passwords and one-time security codes. It appears that these malware injections pose as Android software updates or service updates for messaging app WhatsApp. The fake Android update is spread through direct link downloads and exhibits clicker behavior, constantly visiting hard coded URLs without user consent. More dangerous, this malware collects device information such as email accounts, phone numbers, and similarly sensitive information, and after requesting super user access becomes incredibly difficult to remove. The ‘WhatsApp’ Instance of the malware appears as a pop-up insisting users download the new version or risk losing access to the service. Once users install the software, sensitive information is scammed from users. Mobile users are being warned not to click on strange links or accept unknown downloads, and an antivirus app is as necessary for mobile phones as laptops, desktops, and tablets.

Conficker

Yet another threat to beware of, Conficker was the most commonly used malware to attack organizations in October, accounting for 20% of all global attacks. This worm, first appearing in 2008, is able to spread across networks and brute force passwords, and its return has seen dangerous infections such as that of police body cameras. Security vendor Check Point reveals that three malware families, Conficker, Sality, and Cutwail, accounted for 40% of all recorded attacks, showing a trend toward gaining control of PCs and turning them into DDoS and spamming botnets. Neutrino Exploit Kit, associated with ransomware scams, is the fourth most common malware detected in October globally and attacks computers using Java.

As ransomware and data-stealing malware attacks rise, consumers and holiday makers would be wise to beware of threats both physical and online; Icy roads and crazed shoppers aren’t the only challenges we face this festive season.

By Jennifer Klostermann

Sangeeta Chhabra

Why ‘Cloud’ Should Be A Skill In This Age of Automation

The Age of Automation It is astonishing how the world around us is changing rapidly. More and more companies are now planning their move to the cloud and revamping their business models. Cloud computing has ...
Ramanan GV

Establishing a Unified Governance Model for the Digital Workforce

Increase visual control and reduce OPEX by 30% The Digital Service Providers (DSPs) are riding an automation wave. Painful manual tasks, which burdened staffs for ages, can now be easily handled by the software bots ...
Ransomware Hostage Prevention Tips

Ransomware Hostage Prevention Tips

Ransomware Prevention Tips (Updated: 09,24,2020) Ransomware can bring your business to its knees. Whether it comes as a system- or network-wide infection, it can do a severe damage to your company. Attacks are at a ...
Jen Klostermann

Enterprises Starting To Embrace Blockchain-as-a-Service (BaaS)

Blockchain as a Service (BaaS) Many global companies have already implemented Blockchain-as-a-Service (BaaS) into their cloud offerings. There isn't any question that offering BaaS can serve as a differentiator for many companies. Not to mention, ...
Digital Theft

Cross-Site Scripting – Why Is It A Serious Security Threat For Big Data Applications?

Security Threat And Big Data Applications (Updated August 11th, 2020) IBM, Amazon, Google, Yahoo, Microsoft - and the list goes on. All these leading IT enterprises have been affected by Cross-Site Scripting (XSS) attacks in ...
David Shearer

Looking Back – and Looking Forward to 2020

As we celebrate our thirtieth anniversary here at (ISC)², it’s incredible to look back at the changes our industry has been through. From advances in technology, to changing policy and regulations, this field is constantly ...