It’s been a good time for malware and its authors, but a very bad time for businesses and especially those that have suffered a data breach. A variety of point of sale (PoS) malware has run rampant through thousands of business and retailers in just the last few months, creating a massive haul of stolen credentials for hackers worldwide. And making consumers a very nervous bunch.
The Home Depot Data Breach
The latest victim is Home Depot, which only just announced that it had lost at least 56 million customer credit and debit cards to hackers who used a variant of PoS malware that’s growing in popularity amongst criminals — because it apparently works very well.
But part of the difficulty in fighting back against this new generation of sophisticated malware is increasing confusion about exactly what kind of malware is being used. It was initially believed that Home Depot had fallen victim to a variant of the BlackPoS malware kit used in so many other attacks. This family of malware grows in sophistication every day, can be purchased cheaply and deployed easily, and is now believed to be used by many different criminal gangs.
One camp has been claiming that most of these data breaches were the result of the same malware, because of the similarities in the techniques used. However, researchers who looked deep into the code itself are suggesting there are no real similarities in the code and thus the Home Depot attack might have used an entirely different type of malware.
Defending Your Business From Unknown Malware
And that just adds to the frustration of businesses. How can you fight back if you don’t know who or what you’re fighting? Researchers are pretty certain that the malware that wreaked havoc at Target, Michaels stores, Neiman Marcus and thousands of other stores was probably written by a teenager. But if the Home Depot malware is new, then who’s behind this attack? And what are they working on next?
Amidst all the confusion, there are some key things you still need to be doing to protect yourself:
Protect your website.
It’s estimated that more than 30,000 websites are infected with malware every single day and the majority of these are smaller firms. Unprotected websites are such an easy target for hackers and they can do so much damage. Not only does an infected website threaten the business, it can be used to spread malware to many others.
Remind your employees constantly about the risks.
While it’s not known how the Home Depot malware broke into the business, we know that much of the most advanced malware uses the simplest tricks – like tricking employees into opening infected emails.
Conduct regular security audits.
Never take security for granted because it never stands still. And never assume that your business is too small to be a target. Conducting regular security audits, and with particular focus on where your sensitive data is stored and how it’s handled, protected, and accessed, is key to finding vulnerabilities before the bad guys do.
If you use PoS systems, time to talk to your vendor about any known security issues.
The current malware is targeted at weaknesses in PoS systems, which might explain why retailers have been so vulnerable.
Encrypt whenever you can.
Most of the data breaches have been successful because the malware was able to steal data in places where it was unencrypted, even for a short time.
Limit access and rights.
In the Target data breach, hackers managed to do so much damage because no one had thought to limit the access rights of the employee of an outside vendor. Even though the hackers had the password for such a low level employee, they were still able to travel throughout Target’s networks for months without being detected.
Look at your industry.
Retail, hospitality, and healthcare are currently the top targets for data breaches. Do a little research to determine if there are any trends in attacks on your specific industry.
The only certainty in security is that something bad is going to happen eventually. Your job is to try to contain it in time so it does little real damage.
SiteLock offers a range of solutions to help keep your website secure, including our TrueShield web application firewall and automatic malware removal service. Visit our plans page to view the different website security packages that are available.