Malware And The Opportunistic Holiday Season Bonanza

‘Tis The Season To Be Careful

Malware Vulnerabilities

Earlier this year, Menlo Security published a report suggesting that one-third of the top million global websites were vulnerable to malware, and one in five sites were running software with known vulnerabilities. 5% of the sites measured were identified as serving spam or malware or were part of a botnet. With a billion websites already running, and an additional 100,000 coming online daily, 2014 saw over $70 billion spent on cyber security tools. Malware, however, continues to be a dominant threat.

Black Friday

Shoppers are being warned of a new Malware threat, ModPOS, discovered by ISight Partners, enabling point-of-sale malware code to collect credit card details as customers scan their cards.

And with news of the data breach at Hilton Worldwide spreading, analysts are expecting an increase in POS attacks against retailers, just as Black Friday launched the shopping season. Mark Bower, global product management director for HPE Security, says, “Point of sale systems – what consumers often call the checkout system – are often the weak link in the chain. A checkout terminal in constant use is usually less frequently patched and updated, and is thus vulnerable to all manner of malware compromising the system to gain access to cardholder data.” With this holiday shopping season being the first after the EMV liability shift has taken effect, merchant or card issuers who haven’t implemented EMV Chip-and-PIN technology will be held accountable.

Cyber Threat Monday

In Singapore, mobile banking clients have been warned of malware risks on Android phones that attempt to hijack online passwords and one-time security codes. It appears that these malware injections pose as Android software updates or service updates for messaging app WhatsApp. The fake Android update is spread through direct link downloads and exhibits clicker behavior, constantly visiting hard coded URLs without user consent. More dangerous, this malware collects device information such as email accounts, phone numbers, and similarly sensitive information, and after requesting super user access becomes incredibly difficult to remove. The ‘WhatsApp’ Instance of the malware appears as a pop-up insisting users download the new version or risk losing access to the service. Once users install the software, sensitive information is scammed from users. Mobile users are being warned not to click on strange links or accept unknown downloads, and an antivirus app is as necessary for mobile phones as laptops, desktops, and tablets.

Conficker

Yet another threat to beware of, Conficker was the most commonly used malware to attack organizations in October, accounting for 20% of all global attacks. This worm, first appearing in 2008, is able to spread across networks and brute force passwords, and its return has seen dangerous infections such as that of police body cameras. Security vendor Check Point reveals that three malware families, Conficker, Sality, and Cutwail, accounted for 40% of all recorded attacks, showing a trend toward gaining control of PCs and turning them into DDoS and spamming botnets. Neutrino Exploit Kit, associated with ransomware scams, is the fourth most common malware detected in October globally and attacks computers using Java.

As ransomware and data-stealing malware attacks rise, consumers and holiday makers would be wise to beware of threats both physical and online; Icy roads and crazed shoppers aren’t the only challenges we face this festive season.

By Jennifer Klostermann

Episode 1: Why Small and Medium Sized Businesses Need an MSP

Small and Medium Sized Businesses Need an MSP Small and medium-sized businesses don’t enjoy the ...

Episode 4: The Power of Regulatory Compliant Cloud: A European Case Study

An interview with Johan Christenson, CEO of CityNetwork With the world focusing on the big ...

Episode 3: The Bottomless Cloud – An Interview with David Friend of Wasabi

Why data is not “the new oil” and why “cloud” means more than we think ...
Ben Ferguson

7 Reasons Why You Should Consider Deploying SD-WAN Alongside Public Cloud Services

Why You Should Consider Deploying SD-WAN Software-defined WAN (SD-WAN) and public cloud IaaS services both offer powerful benefits to virtually any business. Many of these same ...
Tunio Zafer

Questions To Ask Every Cloud Storage Provider

Cloud Storage Provider Questions As with many new technologies, attitudes toward cloud storage vary. Telephones were immobile; wearables perhaps unwarranted. And now, the global cloud ...
Atman Rathod

UX Design in the Age of DevOps: Transformation Through Collaboration

UX Design in the Age of DevOps DevOps is popular among modern IT strategists because it leaves no scope for lapses in the development process ...
Bigcommerce

Magento 1 Is Nearing Its End – Is It Time To Migrate To BigCommerce?

Time To Migrate To BigCommerce? Nearly three years ago, Magento declared that they would be ending support for their Magento 1 software. All versions of ...
Oussama El Hilali

Hybrid or Multi-cloud? Picking the Right Organizational IT Strategy

Hybrid or Multi-cloud? Picking the Right Cloud Strategy Discussions around cloud migration are no longer about whether an organization should move to the cloud, but ...
Or Lenchner

Using an IPPN to fight ad fraud: your questions, answered

Using an IPPN to fight ad fraud It’s a well-known fact: the internet is a marketer’s dream, offering brands the chance to engage with consumers ...
Martin Mendelsohn

New Executive Roles in the Post-Corona Era

Executive Roles in the Post-Corona Era As the global economy shows early signs of reviving from past months of rigormortis, forward-looking companies will be busy ...
Fahim Kahn

The 5 Biggest Hybrid Cloud Management Challenges—And How to Overcome Them

Hybrid Cloud Management Challenges The benefits of the cloud—reduced costs, greater IT flexibility, and more—are well-established. But now many organizations are moving to hybrid cloud ...
Kaylamatthews

How AI Can Keep Documents Secure During the Age of Remote Work

Keeping Documents Secure While remote In response to the COVID-19 pandemic, global businesses have restructured operations to accommodate remote work and telecommuting. Humanity has collectively ...
Jeremy Daniel

Find Competitive Advantage through AWS by Partnering With The Experts

Setting up your cloud configuration is too important to not involve the experts MediaTemple & CloudTweaks Thought Leadership Brand Series So many great business ideas ...