By now, it’s no secret that hackers have a range of different malicious capabilities at their fingertips to use in the theft of sensitive personal and enterprise information. However, many individual users and businesses may not realize just how large-scale a problem malware actually is in today’s technological environment.
According to ActionFraud, a staggering number of brand new malware samples are being created by hackers every day. Panda Security's latest report found that approximately 15 million new malicious strains were generated over the period it covered, an average of 160,000 never-before-seen samples every single day.
Overall, hackers pack these strains with a variety of different dangerous capabilities, including tools to avoid detection and snoop through an infected system for their paydirt: sensitive data belonging to an individual user or company that can be leveraged for fraudulent purposes or sold on underground marketplaces.
Malware comes in a range of different forms: PUPs
The Panda Security report noted that of the 160,000 new samples being made on a daily basis, more than half – 58.2 percent – were Trojans. While this figure is a decrease from the previous quarter, ActionFraud noted that there were increases in other types of malware, including PUPs or Potentially Unwanted Programs.
PUPs arrive as part of software bundlers: installers that deploy these undesired programs onto a system alongside the software the user actually asked for. This type of attack deceives the user into having programs installed on their computer, either by not informing them at all or by doing so improperly, so the person does not understand the malicious nature of the applications being installed.
Backoff: POS malware
While the report noted a rise in PUP infections, organizations saw a range of different types of malware recently, including samples that directly attack retailers' point-of-sale systems. Ars Technica contributor Sean Gallagher reported that the US Computer Emergency Response Team recently uncovered a dangerous new POS malware sample dubbed "Backoff." The infection was leveraged earlier this year as part of several POS attacks on merchants carried out by unknown hacking groups.
Gallagher noted that Backoff displays similar characteristics to the malware used in the large-scale Target data breach last winter. Both samples scrape credit card data from the memory of the infected POS system. Even more worrisome was the fact that when tested by security researchers, the malware presented a "zero percent detection rate," making it nearly invisible to antivirus protection software.
“POS machines are a big target for hackers, who use malware like Backoff to collect data from credit cards and other transaction information to either create fraudulent credit cards or sell the data,” Gallagher wrote.
Protection through password best practices
Infections of this kind often result from brute-force password attacks or the exploitation of weak authentication credentials. For this reason, businesses should examine the authentication techniques used within their company to ensure strong credentials are in place and password best practices are being observed.
For instance, each employee who accesses the POS or another sensitive system in the vendor's infrastructure should have a unique username and password. Furthermore, passwords should include a mix of numbers, letters and special characters where possible. Users should also avoid easily guessed information such as their birth date, spouse or pet name, or hometown. Observing these practices can help organizations bolster their protection against samples like Backoff and others that seek to exploit authentication credentials.
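The rules just listed can be enforced at password-change time. The checker below is an added example, not code from the article or from any vendor it mentions; it assumes a hypothetical employee profile with spouse, pet, hometown and birth-date fields, and flags passwords that contain any of them (the birth date in several common typed formats) or lack the required character mix.

```python
"""Password-policy check for the practices described above (added example)."""
import re
from datetime import date

# Hypothetical profile fields an organisation already holds for an employee.
PROFILE_FIELDS = ("spouse", "pet", "hometown")

# Constructed sample profile used only for demonstration.
SAMPLE_PROFILE = {"spouse": "Maria", "pet": "Rex", "hometown": "Bristol",
                  "birth_date": date(1985, 3, 15)}


def _date_variants(d):
    """Common ways a birth date gets typed into a password (constructed list)."""
    return {d.strftime("%Y%m%d"), d.strftime("%d%m%Y"), d.strftime("%m%d%Y"),
            d.strftime("%d%m%y"), d.strftime("%m%d%y"), d.strftime("%Y"),
            d.strftime("%d-%m-%Y"), d.strftime("%m/%d/%Y")}


def password_problems(password, profile, min_length=12):
    """Return a list of policy violations; an empty list means the password passes."""
    problems = []
    if len(password) < min_length:
        problems.append(f"shorter than {min_length} characters")
    if not re.search(r"[A-Za-z]", password):
        problems.append("no letters")
    if not re.search(r"\d", password):
        problems.append("no digits")
    if not re.search(r"[^A-Za-z0-9]", password):
        problems.append("no special characters")
    lowered = password.lower()
    # Easily guessed personal details: names and hometown, matched case-insensitively.
    for field in PROFILE_FIELDS:
        value = str(profile.get(field, "")).lower()
        if len(value) >= 3 and value in lowered:
            problems.append(f"contains {field}")
    # Birth date in any of the typed formats above.
    birth = profile.get("birth_date")
    if isinstance(birth, date) and any(v in password for v in _date_variants(birth)):
        problems.append("contains birth date")
    return problems
```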
SandroRAT: Mobile malware
In addition to infecting traditional platforms, malware authors are also looking for other attack targets. In this spirit, mobile devices have become increasingly attractive to hackers, especially as users more often leverage them for business purposes. This provides access not only to the device owner’s personal data, but sensitive information belonging to their employer as well.
Since the emergence of the mobile malware trend, the Android operating system has been the most-attacked platform, as evidenced by a rash of newly discovered samples aimed at these devices. One such strain is SandroRAT, which illustrates the increase in mobile malware on a global scale.
According to GMA News, SandroRAT is an Android malware sample that targeted victims using their mobile devices to connect with Polish banks. Cybercriminals trick users by displaying a message stating that malware has been detected on the device, but that the bank is offering a free mobile security application. However, the "protection application," which tries to look legitimate by using the file name Kaspersky_Mobile_Security_.apk, is actually a remote access tool (RAT) that can carry out a range of remote commands.
Security expert Carlos Castillo noted that the program can steal sensitive personal information, intercept calls and SMS messages and record surrounding audio, among other dangerous abilities.
Application downloading best practices
Mobile malware like SandroRAT illustrates the importance of understanding what is being downloaded onto a device before allowing the installation to take place. Before downloading any mobile program, users should review the app's listed details and any associated reviews to make sure it is legitimate. Individuals should also download apps only from reputable application stores, since these check programs for security and validity before allowing them to be offered on the platform.
Other best practices to protect personal data
In addition to these best practices, there are other security strategies users and businesses can leverage to protect sensitive information. One such technique is to encrypt this data to provide an added safety layer. With encryption in place, even if a hacker is able to infiltrate a system or database, any data housed there will be unreadable to everyone except authorized users with access to the decryption key. Sophos noted that this practice works best when applied to data at rest, in use and in transit.
Organizations and individuals should also use monitoring technology to oversee their individual devices and overarching networks. These programs can alert network administrators and endpoint owners to any suspicious activity that could point to an infection. With this type of security deployed, businesses and users can quickly react to any malicious infiltration and mitigate the damage.
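The brute-force password attacks mentioned under the password section are exactly the kind of suspicious activity monitoring should surface. The detector below is an added example, not code from the article or any product it names; it assumes a hypothetical, constructed login log format (timestamp, outcome, user, source address) and raises one alert per source that accumulates a burst of failures inside a sliding window, noting whether a successful login followed the burst.

```python
"""Sliding-window detection of login brute-forcing over constructed log lines (added example)."""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of a hypothetical remote-access/POS login log (not real data).
SAMPLE_LOG = """\
2014-08-01T02:13:05 login failed user=admin src=203.0.113.7
2014-08-01T02:13:07 login failed user=pos1 src=203.0.113.7
2014-08-01T02:13:09 login failed user=manager src=203.0.113.7
2014-08-01T02:13:12 login failed user=admin src=203.0.113.7
2014-08-01T02:13:14 login failed user=admin src=203.0.113.7
2014-08-01T02:13:20 login ok user=admin src=203.0.113.7
2014-08-01T09:00:01 login failed user=alice src=198.51.100.20
2014-08-01T09:05:30 login ok user=alice src=198.51.100.20
"""

LINE_RE = re.compile(r"^(\S+) login (failed|ok) user=(\S+) src=(\S+)$")


def detect_bruteforce(log_text, threshold=5, window_seconds=60):
    """Return one alert per source with >= threshold failures inside the window.
    The alert records the usernames tried and whether a success came afterwards,
    which points to a credential that was actually guessed."""
    failures = defaultdict(deque)   # src -> (timestamp, user) of recent failures
    flagged = {}                    # src -> alert dict
    window = timedelta(seconds=window_seconds)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue                # ignore lines that do not match the expected format
        ts = datetime.fromisoformat(m.group(1))
        outcome, user, src = m.group(2), m.group(3), m.group(4)
        if outcome == "failed":
            q = failures[src]
            q.append((ts, user))
            while q and ts - q[0][0] > window:
                q.popleft()         # drop failures older than the window
            if len(q) >= threshold and src not in flagged:
                flagged[src] = {"src": src, "first_seen": q[0][0].isoformat(),
                                "failures": len(q),
                                "users": sorted({u for _, u in q}),
                                "success_after": False}
        elif src in flagged:
            flagged[src]["success_after"] = True
    return list(flagged.values())
```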