The holiday season is fast approaching, meaning a busy time not only for retailers and shoppers but also cyber criminals. According to Damballa’s 2014 Q3 State of Infections report, ‘Backoff’ point-of-sale (POS) malware continues to infect retailers several months after its discovery.
The security firm’s report revealed infections from the malicious software increased 57 percent in August and 27 percent during the month of September.
Additionally, the company reported it detected as many as 138,000 events on a given day in a single enterprise network, with customers experiencing an average of 37 infected devices a day.
“Fundamentally, these figures show that prevention controls cannot stop malware infections,” said Brian Foster, Damaballa’s chief technology officer. “POS malware and other advanced threats can, and will, get through.”
However, researchers also discovered that daily infections diminished significantly (40 percent) among customers who proactively remediated their assets according to the risk each posed.
“Organizations should operate under the assumption they are in a state of continuous breach,” the report said.
Point-of-Sale malware attacks have been highly successful for cybercriminals in 2014 alone – raking in millions for debit and credit card information theft of Target, Home Depot, Jimmy John’s, P.F. Chang’s, Goodwill, Dairy Queen and Kmart customers.
“POS malware offers a high rate of return for criminals, which helps explain the spike,” read the report. “A single POS system may yield tens of thousands of payment card records versus what’s available on one end-user’s computer.”
We’d advise enterprises to be prepared, to get ahead by assuming that they will be compromised, and take practice measures to be ready to remediate, said Foster.