Backoff PoS Malware Infections Rising Steadily

According to Damballa's Q3 2014 State of Infections Report, infections from the Backoff point-of-sale (PoS) malware increased by 57 percent from August to September 2014, and by 27 percent during the month of September.

In August 2014, the U.S. Department of Homeland Security issued an advisory warning that more than 1,000 U.S. businesses had already been infected with the Backoff PoS malware.

"There are two items to note in the above data: a) Backoff malware had already bypassed network prevention controls and was active, yet hidden, in these networks, [and] b) Detection was possible because the enterprises had configured their networks to provide PoS traffic visibility," the report states.

"Many PoS systems are set up on local networks where the traffic doesn't get the same scrutiny as corporate network traffic," the report adds. "Attackers can more easily gain access and remain hidden for long periods of time. Reducing the dwell time from when intrusions are detected to when they are contained is critical."

"Fundamentally, these figures show that prevention controls cannot stop malware infections," Damballa CTO Brian Foster said in a statement. "PoS malware and other advanced threats can and will get through, so we can't simply build the walls around the network higher."

"The encouraging news is that automatically correlating evidence can have a significant impact in reducing the number of infected devices within the network," Foster added. "We'd advise enterprises to be prepared, to get ahead by assuming that they will be compromised, and take proactive measures to be ready to remediate."

The Damballa report also found that identifying "true positives" among the flood of security alerts is an increasing challenge -- the "noisiest" enterprises in Q3 2014 experienced 138,000 events a day, a 32 percent increase from the previous quarter.

Still, there was some good news -- the report found a 40 percent reduction from the previous quarter in the number of devices infected per day.