POS Malware Advances Outpacing Efforts to Stop Them
Point-of-sale systems increasingly are being overcome by hackers’ expanding use of malware to compromise credit and debit card data, according to an Arbor Networks study. Although the study found that most types of malware lack sophistication and could be detected by watchful companies, in many public retail breach incidents attackers had access to the victim’s network for more than 100 days. Arbor analyst Curt Wilson says small businesses lack the security expertise to contend with protecting their networks and spotting attacks, while detecting attacks in large and complex corporate networks is problematic. Wilson says the diversity of malware indicates POS breaches have matured from simple exploits that exfiltrated card data to memory-scraping malware run by botnet infrastructure. He also says detecting and impeding such attacks should be relatively easy. Arbor urges companies to focus on monitoring for indicators of exploitation among POS terminals and other highly sensitive systems. Wilson argues that rapid detection of breaches and fast incident response could potentially be more important than blocking attacks. “The ability to detect an incident quickly is important, and having intelligence that gives good context and allows personnel to prioritize activities helps immensely,” he says.
From “POS Malware Advances, Outpacing Defenders’ Efforts”
eWeek (05/13/14) Lemos, Robert