Find out which types of malware are gaining traction.  

Wherever there’s new software or applications, there’s also the potential to install malicious software and code to crash systems, hold systems ransom, or steal important data.

Today is no exception. Malware is an increasingly dangerous problem for organizations, and cybercriminals are developing more ways to use malware to steal data. For example, last week, researchers discovered an updated malware called “Skimmer” that can turn an entire ATM into a skimmer, making it capable of executing 21 malicious commands, such as dispensing money and collecting payment card data.

Malware is usually designed to target two common payment environments: POS or e-commerce. 2016 is bringing some old and new trends for POS and e-commerce malware, which include things like memory scrapers and remote file inclusion.

POS malware trends 

These types of malware will target POS devices in a variety of ways. Two types that have been gaining traction are memory scrapers and malware suites.

Memory scraper
One of the most common types of POS malware is the memory scraper. This malware is designed to capture or “scrape” sensitive information from the system memory (RAM) and return it to the attacker.
Memory scrapers are growing in popularity and will likely be a big cause of data breaches in 2016.
They are particularly common in remote access applications. In SecurityMetrics’ 2015 forensic investigations, 50% of merchants who were breached through remote access had memory-scraping malware on their systems.

Malware suites
Installing malware suites, a group of malware designed for different functions, was a very popular tactic in 2015, and will likely continue to be popular this year. Attackers use malware suites to search for, locate, and export payment card data more quickly through FTP, email, or web traffic. Examples of malware file names include:
  • Rundll.exe
  • Toolbar.exe
  • Win32.dll
  • Check.zip
  • API.dll
  • File.dll
  • Winlogon.exe

E-commerce malware trends

Since EMV is securing more storefront transactions, it makes sense that the types of malware that target online businesses are on the rise. E-commerce malware involves a very different set of obstacles for organizations; most vulnerabilities involve weaknesses in software or website coding. This type of malware usually manifests as code-based attacks to steal cardholder data.

Some common types of e-commerce malware include:
  • Remote file inclusion: found in 33% of SecurityMetrics’ e-commerce merchant investigations
  • SQL injection: found in 25% of SecurityMetrics’ e-commerce merchant investigations
  • Malicious code: found in 25% of SecurityMetrics’ e-commerce merchant investigations

Remote file inclusion
This type of attack is accomplished when attackers embed malicious files into applications. It can be found by employing file integrity monitoring (FIM) software that looks for changes in the original software.

SQL injection 
This malware feeds information into web forms not coded to reject illegitimate characters. Attackers can then gain information about the business database based on the web form output. If hackers get enough information, they can ultimately gain administrative access to get more lucrative data.
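
The form-handling weakness described above, shown next to its fix. This is an added example, not code from SecurityMetrics; the `orders` table, the function names, and the sample rows are constructed for illustration.

```python
import sqlite3

def make_db():
    """Constructed sample data: an in-memory orders table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE orders (id INTEGER, email TEXT, last4 TEXT)")
    db.executemany("INSERT INTO orders VALUES (?, ?, ?)", [
        (1, "alice@example.com", "1111"),
        (2, "bob@example.com", "2222"),
    ])
    return db

def lookup_vulnerable(db, email):
    # The form value is pasted into the SQL text, so a quote character in
    # the input closes the string literal and the remainder is parsed as SQL.
    query = "SELECT id, last4 FROM orders WHERE email = '" + email + "'"
    return db.execute(query).fetchall()

def lookup_parameterized(db, email):
    # The placeholder binds the form value as data only; quote characters
    # in it can never change the structure of the statement.
    query = "SELECT id, last4 FROM orders WHERE email = ?"
    return db.execute(query, (email,)).fetchall()

if __name__ == "__main__":
    db = make_db()
    crafted = "x' OR '1'='1"  # constructed form input containing quotes
    print("vulnerable:   ", lookup_vulnerable(db, crafted))
    print("parameterized:", lookup_parameterized(db, crafted))
    print("normal lookup:", lookup_parameterized(db, "alice@example.com"))
```

The vulnerable lookup returns every customer's row for the crafted input, while the parameterized lookup returns nothing because no order has that literal email address.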

Malicious code
This type of malware involves attacking the code. Malicious code attacks can vary depending on the weaknesses in written code of the environment under attack. For example, the original code could be replaced by a modified code that could write captured data to a temporary file for later export.

Protect your data from malware

Even though malware is still a popular way to steal data, there are ways to protect your business from it. Here are a few things you should do to keep your tech from getting infected:
  • Install and update antivirus software: having up-to-date antivirus software can help you find and get rid of malware. 
  • Get your POS device from a QIR: Qualified Integrators and Resellers are certified by the PCI DSS to integrate POS devices correctly. This will help prevent vulnerabilities in your business’s POS devices. 
  • Update and report: it’s crucial to frequently update your software and web applications. This will help patch any security vulnerabilities that show up. Microsoft releases their updates and patches every 2nd Tuesday of the month.  
  • Secure e-commerce environments: common antivirus applications may not always be properly configured or updated in an e-commerce environment. You should implement FIM to examine files for unauthorized modifications. 
  • Do regular vulnerability scanning: scanning your software and servers often can help you detect malware before damage is done. It can also help you find exploitable vulnerabilities in your card data environment. 

Malware is improving and evolving right alongside technology and it’s up to you to stay ahead of it. Keep your organization safe from malware and protect your data.