At Trend Micro we’ve been protecting our customers for the past quarter of a century and during that time the pressure has always been on to make sure we anticipate the next big trends. Sometimes they can come from the more unusual areas, as witnessed by some of the findings from our 1Q 2014 Security Roundup: Cybercrime Hits the Unexpected.
Cyber-attacks against retailers are nothing new. However, the report reveals that we found seven times more malware targeting Point-of-Sale (PoS) systems in Q1 than in the whole of 2013 combined.
The trend is a worrying one for all businesses in the retail and hospitality industries, which have been using PoS systems for decades to accept payments and process other important info like inventory management and accounting. Already in Q1, millions of US customers have been impacted by such attacks. Cosmetics firm Sally Beauty, hospitality player White Lodging, craft chain Michaels and retailer Neiman Marcus all ‘fessed up to breaches of sensitive customer data. That’s not to mention the massive breach at retailer Target affecting 110 million customers, which broke in December last year. In South Korea, meanwhile, a PoS attack exposed the personal information of 200,000 local credit card users.
As we wrote in a recent report, Point-of-Sale System Breaches, going after these systems is a no-brainer for cyber criminals because they are often poorly secured and have multiple points of weakness. The devices themselves, network communications between various points and specific back office servers can all be targeted. Trend Micro has discovered numerous different pieces of malware crafted specifically for this purpose, which scan PoS systems for customer records, lift them and then send them out to the attacker. ALINA, DEXTR and DECBAL are just some of them.
What this means is that firms in retail and hospitality need to revisit their threat protection strategies and ensure they are based on the idea of customized defense. This can help them deflect these targeted, customized attacks at the endpoint, server and network level. Trend Micro’s targeted attack detection tool Deep Discovery can help here to detect advanced malware, lateral movement within a network, data exfiltration and other typical signs of a targeted PoS attack.
An advanced response
Of course, Q1 2014 was not all about PoS attacks. Other notables included the Siesta campaign against mainly Japanese and Taiwanese organizations in a wide range of industries, and attacks on the Network Time Protocol (NTP) system which helped criminals launch DDoS runs on an unprecedented scale. Government targets (76%) remained the most popular overall, but a long tail including industrial firms (7%), telecoms (5%), IT (5%) and finance (2.3%) meant no industry was immune.
The message for organizations is clear. No matter what sector you operate in, where you are located globally or how much money you throw at security, the data you hold remains at risk from determined attackers. Firms must assume they’ve been compromised and step up their threat intelligence and remediation capabilities as part of a custom defense strategy. Only this will help them to provide a much-needed advanced response to this new era of increasingly sophisticated attacks.
Please add your thoughts in the comments below or follow me on Twitter: @jdsherry.