Malware And The Opportunistic Holiday Season Bonanza

‘Tis The Season To Be Careful

Malware Vulnerabilities

Earlier this year, Menlo Security published a report suggesting that one-third of the top million global websites were vulnerable to malware, and one in five sites were running software with known vulnerabilities. 5% of the sites measured were identified as serving spam or malware or were part of a botnet. With a billion websites already running, and an additional 100,000 coming online daily, 2014 saw over $70 billion spent on cyber security tools. Malware, however, continues to be a dominant threat.

Black Friday

Shoppers are being warned of a new Malware threat, ModPOS, discovered by ISight Partners, enabling point-of-sale malware code to collect credit card details as customers scan their cards.

And with news of the data breach at Hilton Worldwide spreading, analysts are expecting an increase in POS attacks against retailers, just as Black Friday launched the shopping season. Mark Bower, global product management director for HPE Security, says, “Point of sale systems – what consumers often call the checkout system – are often the weak link in the chain. A checkout terminal in constant use is usually less frequently patched and updated, and is thus vulnerable to all manner of malware compromising the system to gain access to cardholder data.” With this holiday shopping season being the first after the EMV liability shift has taken effect, merchant or card issuers who haven’t implemented EMV Chip-and-PIN technology will be held accountable.

Cyber Threat Monday

In Singapore, mobile banking clients have been warned of malware risks on Android phones that attempt to hijack online passwords and one-time security codes. It appears that these malware injections pose as Android software updates or service updates for messaging app WhatsApp. The fake Android update is spread through direct link downloads and exhibits clicker behavior, constantly visiting hard coded URLs without user consent. More dangerous, this malware collects device information such as email accounts, phone numbers, and similarly sensitive information, and after requesting super user access becomes incredibly difficult to remove. The ‘WhatsApp’ Instance of the malware appears as a pop-up insisting users download the new version or risk losing access to the service. Once users install the software, sensitive information is scammed from users. Mobile users are being warned not to click on strange links or accept unknown downloads, and an antivirus app is as necessary for mobile phones as laptops, desktops, and tablets.

Conficker

Yet another threat to beware of, Conficker was the most commonly used malware to attack organizations in October, accounting for 20% of all global attacks. This worm, first appearing in 2008, is able to spread across networks and brute force passwords, and its return has seen dangerous infections such as that of police body cameras. Security vendor Check Point reveals that three malware families, Conficker, Sality, and Cutwail, accounted for 40% of all recorded attacks, showing a trend toward gaining control of PCs and turning them into DDoS and spamming botnets. Neutrino Exploit Kit, associated with ransomware scams, is the fourth most common malware detected in October globally and attacks computers using Java.

As ransomware and data-stealing malware attacks rise, consumers and holiday makers would be wise to beware of threats both physical and online; Icy roads and crazed shoppers aren’t the only challenges we face this festive season.

By Jennifer Klostermann

Kevin Julian

Patients Increasingly are embracing technology, and so must the pharmaceutical industry

Patients Increasingly Embracing Technology COVID-19 has driven home the need to use digital solutions more broadly, which means C-Suites may be turning to their CTOs for advice As lockdown restrictions went into effect due to ...
Darach Beirne

Improve the Customer Experience by Connecting IT Silos

Connecting IT Silos Customer experience (CX) is a top priority for businesses across industries. The interactions and experiences customers have with a business throughout their entire journey – from first contact to becoming a happy ...
The Top 20 Machine Learning Startups To Watch In 2021

The Top 20 Machine Learning Startups To Watch In 2021

Machine Learning Startups There are a record number of 9,977 machine learning startups and companies in Crunchbase today, an 8.2% increase over the 9,216 startups listed in 2020 and a 14.6% increase over the 8,705 ...
Derrek Schutman

Providing Robust Digital Capabilities by Building a Digital Enablement Layer

Building a Digital Enablement Layer Most Digital Service Providers (DSPs) aim to provide digital capabilities to customers but struggle to transform with legacy O/BSS systems. According to McKinsey research, 70% of digital transformation projects don’t ...
Security Cloud

The Problem with Cyberhygiene

Cyberhygiene Dangers It is a quirk of human nature that we have a hard time contemplating abstract notions of danger, especially when it is introduced to us by others. In the simplest of examples, imagine ...