Skip to main content

Malware Makes The Holiday Worse

Dec

11

2014

Time to read

Read so far

Written by: 

Entrust

Time to read

Written by: 

The holiday season is upon us, which by most standards means it's a time for good cheer, relaxation and not a care in the world. Unfortunately, computer hackers are planning to make this holiday time a bit less enjoyable than that of previous years.

Holiday Spirit, Say Hello To Lusy

As the emergence of Cyber Monday points to, consumer shopping habits have changed significantly in the past few years. More people do their shopping online now than ever before. That said, the very American tradition of waiting in line for days to buy a massive TV hasn't been ground into obsolescence just yet, and with holidays like Hanukkah, Christmas and New Year around the corner, stores can expect patrons to be crowding their aisles in droves searching for that perfect holiday present.

But if you thought hackers were just going to let this influx of in-store shopping go to waste, think again. According to Tom's Guide, a new and virulent strain of point of sale malware is circulating that could put a big damper on the holiday shopping spirit. The malware is called LusyPOS, and it's currently making the black market rounds for the cool price of $2,000. It is reported to be similar in functionality to the malware that hit a major retailer at the end of 2013. Given that it's almost the one-year anniversary of malware first attacking that major retailer, that's a rather unsettling thought.

"LusyPOS works by infecting point-of-sale machines in retail locations, and then 'scraping,' or collecting, the payment-card data as it's momentarily held in the device's RAM before encryption," stated Tom's Guide. "The data is then transmitted to a remote server, where the attackers operating the malware can access and use it."

So how much of a threat does this malware realistically pose in the near future? Apparently a pretty big one, considering that most antivirus programs aren't succeeding in detecting it. That's not a good sign, and it heightens the possibility that Lusy could worm its way into retail systems just in time for the holiday rush.

And that's not the worst part. According to security experts looking into Lusy, it's just one strain in a broader malware family that may very well evolve over the coming months and years. Therefore, even if Lusy doesn't do a lot of damage, it could only be the most preliminary iteration of malware that will grow into a much more formidable threat. For this reason, all businesses out there need to start getting prepared.

Preparation Starts At The Top

Many companies operate under the misconception that information security should be relegated to IT departments alone. That's just not true. Sure, a business' IT department will play an instrumental role in enacting robust cybersecurity, but that doesn't mean it can do it alone. For a business to truly ensure that its protection is top-of-the-line, it needs to be comprehensively guarded, and that starts with an effort on the part of business administrators to roll out the best defensive measures possible. Here are some other steps that should be taken to make sure your organization is practicing strong security:

  • Make sure all staff know about cybersecurity. Malicious threats aren't contained within a bubble, so your company's cybersecurity efforts shouldn't be, either. If you only give IT workers the tools to deal with cyberthreats, then what happens if a malicious element attempts to attack one of your non-IT employees? That's a potential disaster scenario. Fortunately, such a crisis can be averted through the rolling out of a cybersecurity plan that spans your entire business. Every worker must know computing security fundamentals, since it's relevant to all of them,
  • Follow the news. If you're a business with POS systems and/or computers — and let's face it, that's just about every company out there these days — then cybersecurity is relevant to you. Therefore, it's imperative that as an organization you follow the various cybersecurity threats that are making the rounds so that you know how to better prepare for them. It doesn't take much to remain informed, but it will make a world of difference when it comes to understanding how to navigate the threat atmosphere.

Entrust Datacard