With enterprises now averaging more than three dozen infected IT devices daily and attacks by point-of-sale (POS) malware like Backoff rising by double digits, companies today need to "operate under the assumption they are in a state of continuous breach." That's one of the findings from enterprise security firm Damballa's "Q3 State of Infections Report," released today.
During the third quarter of this year, global ISPs and enterprise customers saw a 32 percent increase in IT security events compared to the second quarter, according to the report from the Atlanta-based company. In particular, infections of the Backoff malware blamed for high-profile breaches at Target, Dairy Queen, Home Depot and Kmart rose by 57 percent between August and September, according to Damballa, while attacks in September alone rose by 27 percent.
A growing awareness about such threats, however, has paid off for the most proactive companies, the report found. In fact, the daily infection rates dropped by 40 percent in the third quarter for businesses using automatic incident detection.
A Mindset of 'Continuous Response'
"Most POS malware attacks are advanced threats," the Damballa report stated. "The adversaries are persistent, stealthy and highly targeted in their efforts. As such, they can bypass prevention controls like anti-virus, firewalls, IPS and most sandboxing tools."
When it comes to point-of-sale devices, organizations need to assume simply that "prevention won't work," the report warned.
"[P]revention can't keep up with constantly morphing malware because binaries change on a daily basis," the report stated. "Once a device is infected, the malware evolves. It is periodically updated and repackaged. A new malware binary is created. Criminals do this to stay one step ahead of signature-based prevention."
The best response is for businesses to adopt a mindset of 'continuous response,' the report concluded. "Assume you will be compromised and be ready to remediate."
ISPs at 'Ground Zero' for Security
We reached out to Damballa CTO Brian Foster to learn more about the report's findings, and what they mean for businesses.
"Resource-rich, large enterprises, in theory, should have better control over network security devices and users," Foster said. "However, it is possible for SMBs (small- and medium-size businesses) to achieve proactive breach detection. Their best response is to drive demand for better security through their ISP. ISPs are at ground zero for security. There are ISPs today that offer subscriber notification and remediation when malware is detected on their device."
When asked whether new mobile payment systems like Apple Pay might help eliminate some of today's IT security concerns, Foster said, "We always say there is no silver bullet but you can continually improve your security posture."
"Enterprises that conduct payment transactions need to shift focus from trying to stop malware attacks from getting in, because motivated criminals will always find a way in, to detecting breaches early, before there is damage," he added. "Mobile payment methods seem to offer promise but not enough is known yet so the jury is still out on long-term security effectiveness."
For consumers, this means "don’t view security as a given, regardless of who you are handing your credit card to. Be aware, check your monthly card statements, sign up for credit monitoring, etc.," he said.
Ulf Mattsson, CTO:
Posted: 2014-10-24 @ 11:52am PT
I agree that “Most POS malware attacks are advanced threats," and "The adversaries are persistent, stealthy and highly targeted in their efforts. As such, they can bypass prevention controls like anti-virus, firewalls, IPS and most sandboxing tools." Even if the malware is detected it could be hard to notice in the noise malware detection systems. This is illustrated by the attack on Target last year.
We have seen that monitoring cannot catch the bad guys until it is too late and this picture is unfortunately not improving, according to Verizon. The Verizon 2013 and 2014 reports concluded that less than 14% of breaches are detected by internal security tools. Detection by external third-party entities unfortunately increased from approximately 10% to 25% during the last three years. Specifically notification by law enforcement increased from around 25% to 33% during the last three years.
Advancements in big data security analytics may help over time, but we don't have time to wait.
The attackers are increasingly focused on stealing our sensitive data and will always look for the next path to attack the data. So we urgently need to secure the sensitive data itself with modern data security approaches.
The good news is that analyst studies have shown that users of data tokenization experience up to 50% fewer security-related incidents (e.g., unauthorized access, data loss, or data exposure) than non-users.
Ulf Mattsson, CTO Protegrity