Report: POS malware sees sharp increase in Q3

As the holiday season approaches — with its resultant buying frenzy, findings from Damballa's "2014 Q3 State of Infections Report" indicate retailers or consumers are vulnerable. Point-of-sale (POS) malware attacks made a sharp leap.

“POS malware hackers are getting ready for the holidays,” Brian Foster, CTO at Damballa, told Foster noted that consumers should be especially careful, keeping credit card receipts and carefully monitoring activity on their accounts.

During Q3, Damballa said it observed as many as 138,000 events on any one day in a single enterprise network. 

“These events are unique pieces of evidence associated with potentially malicious activity,” the report said.

That news shouldn't come as much of a surprise, since the quarter hosted some very prominent breaches, all attributed to POS malware, at Home Depot, Jimmy John's, Dairy Queen, P.F. Chang's and Goodwill — with Backoff taking a star turn. According to the report, Backoff infections grew 57 percent from August to September and 27 percent during the month of September.

Damballa pointed out that Backoff had remained hidden and was active in networks after bypassing network prevention controls. In addition, companies were able to detect the malware because they had configured networks to provide visibility of POS traffic.

“Enterprises averaged 37 infected devices daily," the report said, noting that “the ability to automatically whittle down 138,000 events to 37 true positive infections shifts the focus from evidence-hunting and correlation to informed response.”

And response is what needs to improve. 

The report explained that in those POS systems that are set up on local networks, “traffic doesn't get the same scrutiny as corporate network traffic.” That gives an attacker easier access and allows them to stay hidden for lengthy periods. It warned that it is imperative to “reduce the time from when intrusions are detected to when they are contained.”

That can make all the difference in the impact of an infection. Damballa found a 40 percent dip in daily infections among those companies that “proactively remediated their assets according to the risk each posed.”  These infections had already bypassed prevention controls and were active in the network.

“With actionable intelligence, security teams can focus on infections that matter and get control of their workflow,” the report said.

Foster noted that companies must devote more resources to combating malware and other threats. 

“All these companies have a benchmark for annual spending on security,” he said, contending consumers should hold retailers responsible for breaches. “Those benchmarks have to change.” For example, JPMorgan Chase, he said, is upping its spending in the wake of its recent breach.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.