SMBs the main target for Q3 PoS malware: Trend Labs

According to Trend Labs' security roundup, small to medium business were easy victims in the third quarter of 2015, with older malware-based attacks targeting point of sale systems.
Written by Asha Barbaschow, Contributor

Small to medium businesses (SMBs) were a lucrative and easy point of sale (PoS) target for malware attacks in the third quarter of 2015, according to security firm Trend Micro.

In Trend Micro's TrendLabs third quarter 2015 security roundup, Hazards Ahead: Current Vulnerabilities Prelude Impending Attacks, for the three months ending September 2015, the Tokyo-headquarted firm said attackers went after as many vulnerable PoS devices as possible with the intention of "hitting the jackpot".

The report [PDF] says attackers relied on tried and tested old tactics such as spamming, and tools like macro malware, exploit kits, and botnets.

"They must have done something right because the PoS malware detection volume grew 66 percent," Trend Micro said.

According to Trend Micro, SMBs suffered the most from PoS malware as they had poorer protections in place in direct comparison to larger enterprises.

The report said that whilst PoS malware targeting SMBs is not a new trend, what is new is that cybercriminals have shifted from using targeted attack styles to traditional mass-infection tools.

"The 'shotgun approach' will continue to be an effective means for attackers to gain new victims. Attacks targeting small and medium-sized businesses (SMBs) will continue to ensue because they have proven to be lucrative targets," the report said. "We've reached a point where just about anything can be vulnerable to threats."

"Similar to seismic readings signalling forthcoming earthquakes, security gaps could be a prelude to massive events that we believe will greatly impact 2016."

According to Trend Micro, the slow adoption of payment technologies such as Europay, MasterCard, and Visa (EMV); credit cards embedded with contactless Radio Frequency Identification (RFID); and mobile wallets such as Apple Pay and Android Pay, could be adversely affecting the security landscape.

Trend Micro believes such threats show no indication of going away.

Tom Kellermann, Trend Labs chief cybersecurity officer, said enterprises must limit the "dwell time" of adversaries, highlighting the need to disrupt the intruder's capacity to gain a foothold on a host to prevent them from initiating secondary infections.

"Cyberspace has become more punitive; attacks are not isolated cases and enterprises must adjust their incident response plans to address the advent of secondary attack stages, which could either be secondary infections or using stolen data for extortion," he said.

"Virtual patching and integrating breach detection with security information and event management and file integrity monitoring systems will be key in mitigating the punitive attacks of 2016."

Trend Micro also said high-profile individuals such as politicians will continue to be a target, with the security firm adding that such focused attacks will serve as a launchpad for the targeted attacks we will see in the future.

With a focus on the Japanese underground, last month, TrendLabs released The Japanese Underground research paper [PDF], which highlighted the toolbox of choice for up-and-coming hackers was one of the many online message board platforms in the country that allows visitors to learn the tricks of the trade. Trend Micro said such message boards play a large role in the thriving Japanese cybercriminal underground economy.

Additionally, Trend Micro said Japan was the second most affected country by online banking malware in 2014, behind the United States.

IT security firm FireEye and Singaporean telecommunications company SingTel released a joint report that looked at threats in the Southeast Asia region from January through June this year.

In its Southeast Asia: Cyber Threat Landscape report, FireEye said that approximately 29 percent of its customers detected advanced persistent threat (APT) malware, with APT remaining one of the biggest challenges for companies and government in the region.

FireEye said the percentage of Australian organisations targeted was 35 percent; however the highest within Southeast Asia was Thailand with 40 percent, followed by the Philippines with 39 percent. According to FireEye, countries in the region face the risk that territorial disputes, particularly across the South China Sea, will expand into cyber operations.

The report said the region continues to face unique challenges where cybersecurity is concerned, citing the pace of economic development and growing military expenditures in its rationale.

"APT groups seek to obtain intelligence to provide their sponsoring government with diplomatic, military, and economic advantages across the negotiating table or on the sea," FireEye said. "Rival governments often employ APT groups to conduct cyber espionage to obtain valuable political or military intelligence.

"We routinely observe APT groups stealing information that deals with South China Sea disputes and their economic effects from the networks of governments and companies involved."

35 percent of APT-based malware detections were directed toward those in the entertainment, media, and hospitality industries, with FireEye claiming 12 known APT groups are globally targeting those industries.

25 percent of total APT attacks were directed toward government organisations, with financial services and telcos accounting for a combined 28 percent.

FireEye speculated media outlets in the region may have been targeted by China-based cyber threat actors as a result of publishing commentary which was supportive of an opposition group.

"The cyber threat group may also have sought information that would help authorities monitor public opinion and gain advanced notice of articles that portrayed the government negatively," the report said.

FireEye's latest findings build on the Regional Advanced Threat Report: Asia Pacific 1H 2015 findings the firm published in October. Previously, the IT security firm said organisations in the APAC region were increasingly targeted by APT threats in the first half of 2015, with APT exposure growing rapidly in the region from well below average, to well above average.

FireEye said organisations in Southeast Asia were 45 percent more likely than the global average to be attacked.

Editorial standards