A recent study by SecurityScorecard reveals one thing no retail bank wants to admit: That malware is getting more sophisticated and tougher to block.
A report by CIO delves into the details of the study, which explains that the sheer volume of types of malware are making it harder for companies to keep up with. And that malware will only get worse with a new threat known as “Zeus.” According to the report, the malware has the ability to “swiftly and secretly steal credentials for online bank accounts” and has the capability to make large wire transfers through the ACH system.
The study discovered that more than 4,700 companies had suffered from some sort of banking malware — leaving many banks open to the possibility of attacks. The report also details data about computers that may be part of a “network of infected machines, known as a botnet.” The study found nearly 12,000 infections across those impacted organizations.
CIO‘s report points to the malware risk that widespread breaches can lead to when hackers access the system. This includes massive payment card breaches like Target and Home Depot that opened up the payment data of millions of consumers. For Target, that impact was 40-some million payment cards, and for Home Depot, that figure was closer to 56 million payment cards.
In the report, SecurityScorecard’s Chief Research Officer Alex Heid noted that the most common banking malware types are known as Dridex, Bebloh and TinyBanker. Each of them has its own specialized way of breaching systems by leaving them vulnerable to attacks.
And according to CIO, the U.S. Department of Justice shut down the Gameover Zeus botnet during the middle of last year, which was connected to malware that lead to up to $100 million being stolen.
In other malware-related reports as it pertains to payments, the MalumPOS malware is a newly discovered attack tool with the ability to steal payment data from point-of-sale systems running a popular type of Oracle software, Trend Micro threats analyst Jay Yaneza said in a recent blog post.
Its prime target is Oracle’s MICROS platform, which is currently deployed on over 330,000 sites worldwide. The software is widely used in the U.S., especially within the hospitality, food and beverage and retail industries, putting numerous high-profile companies and their customers at risk.
It’s no secret that POS malware is found to be a leading cause of many data breaches, but the threat continues to grow. Earlier this year, security researchers found two new families of POS malware that use a single component to seek out card data while another sends the coveted information directly to the cyberthieves.