New Cyber Security Concerns Surround Point-of-Sale Malware
Despite IT leaders' best efforts to solidify cyber security measures to protect vital company information, the threat of hackers and malware is ever-present. With the advancement of malicious software and hacker techniques comes increased concerns of data protection, network security and disaster recovery. Recent breaches have flown under the radar of large organizations, which often do not realize they have been attacked until weeks or months later. What is the nature of these threats and what are IT professionals doing to protect their firms?
Cybercriminals remain persistent
Innovations in cloud cyber security have raised the confidence of business leaders and consumers alike, but developers of malicious programs are also hard at work, according to Search Security. Hackers intent on stealing company and customer information honed their approaches this past year to make their efforts more subtle and insidious for businesses everywhere. Attackers are focusing on creating malware intended to trick online visitors into providing private information that is then used for criminal purposes.
"They're now able to do things such as take video captures of your screen so they can see when you're filling out a pop-up that's asking for your Social Security number to watch your mouse to see how many seconds you hesitated before you either ignored it or clicked through," Dr. Ken Baylor, research vice president for Austin, Tex.-based NSS Labs, told the news source. "So it's quality assurance on how effective their pop-ups are at convincing you to hand over your information. We're seeing a lot of innovation in this [area]."
The invisible generation of malware
Businesses and consumers used to be able to determine the differences between a safe or suspicious link or pop-up relatively easily. Search Security explained that malware now attempts to communicate directly with the command-and-control infrastructure of company machines, essentially hijacking the capabilities of cloud networks and using them to access valuable data. This could spell disaster for businesses that do not actively monitor their systems for changes in domain names, as the random generation of domains is a primary way hackers are breaking into enterprises.
Unfortunately, even the most vigilant IT professionals can run into problems when malware is specifically designed to hide the domain names that communicate with corporate networks, making it impossible to tell whether malicious activity is occurring. For example, Search Security cited Shylock malware as one cyber offender that has recently introduced Secure Socket Layer (SSL) encryption to make their attacks nearly impossible to detect. By using a common security measure, this program appears to be a standard element of a company network but is secretly harvesting private data.
Attackers time their efforts
Besides making their breaches more subtle and unnoticeable, cybercriminals are also improving their ability to launch their attacks at times when company security is at its most vulnerable. According to a report from the Proceedings of the National Academy of Sciences, researchers have revealed a mathematical model that allows hackers to determine the optimal time to initiate their actions. An article from Tech Times reminded readers that the consequences of a well-timed attack range beyond compromised credit card information - the safety of an entire country could be at risk as cyberwarfare becomes a growing concern.
"The heart of our model is the trade-off between waiting until the stakes of the present situation are high enough to warrant the use of the resource, but not waiting so long that the vulnerability the resource exploits might be discovered and patched even if the resource is never used," study authors Robert Axelrod and Rumen Iliev of the University of Michigan's Ford School of Public Policy, wrote in the report.
The report also highlighted a number of history's most successful cyberattacks that evidently took advantage of the content published in the University of Michigan study.