Malware in the News – and How to Beat It

If there is a news topic generating more “F.U.D.”—fear, uncertainty, and doubt—than politics in the United States, it just may be cybersecurity.

According to an October 14 report on SC Magazine UK, a Dutch security analyst has discovered that more than 5,900 e-commerce sites contain malware that steals victims’ credit card details.

How did hackers gain access to and infect so many sites with malware? Through various unpatched software flaws.

In a blog post outlining his research, Willem De Groot provides some chilling and disheartening details.

Here are some highlights:

  • Online skimming is just like physical skimming, which involves replacing legitimate point-of-sale card-reading hardware with look-alike hardware that captures payment information and diverts it to criminals.
  • Online skimming is more effective because a) it is harder to detect and b) it is nearly impossible to trace the thieves.
  • [H]ackers gain access to a store’s source code using unpatched software flaws in various popular e-commerce software.
  • Victims vary from car makers (Audi ZA) to government (NRSC, Malaysia) to fashion (Converse) to pop stars (Bjork) to NGOs [non-governmental organizations] (Science Museum, Washington Cathedral).

De Groot also contacted several merchants directly to inform them of the results of his research. Here are three of the responses he got:

  • “We don’t care, our payments are handled by a 3rd party payment provider.” Remember that many high-profile, high-value security breaches of retailer environments gained access through third parties.
  • “Thanks for your suggestion, but our shop is totally safe. There is just an annoying JavaScript error.” De Groot responds, “If someone can inject JavaScript into your site, your database is most likely also hacked.”
  • “Our shop is safe because we use https” (HyperText Transfer Protocol Secure encrypts traffic between the shopper’s browser and the server; it does nothing to stop malicious JavaScript already injected into the site’s own pages).

For those of us who are planning to do any online shopping this holiday season, news like this gives new urgency to the phrase caveat emptor (“let the buyer beware”). Meanwhile, those who are operators of online commerce facilities should adopt a complementary phrase—caveat venditor, or “let the seller beware.” They should also patch the operating systems and applications upon which their operations rely more consistently.

As important as they are, though, timely software patches and upgrades are only elements of a truly effective strategy for combating cyber threats such as online skimming. Such threats depend largely on being able to infiltrate and populate a network with rogue software.

An effective protection strategy must therefore accomplish three things:

  • Detection—Know as quickly as possible when malware attempts to infiltrate or infiltrates a network, wherever that attempt or infiltration takes place.
  • Prevention—Prevent as many attempted malware infiltrations as possible. (This is a primary role of effective, comprehensive patch and update management.)
  • Remediation—Stop malware that successfully infiltrates a system from running and spreading to other systems or networks, and protect resources from the effects of successful infiltrations wherever they take place across a network.

The need for a multi-layered approach to cybersecurity is exactly why we created Endpoint Security Suite 2.0. This offering combines Shavlik Protect with AppSense Application Manager and AppSense Insight to deliver a solution that covers software whitelisting, secure standard configurations, timely patching of applications and operating systems, and administrative privilege restrictions.

That same need is also why we’ve enhanced LANDESK Security Suite with multiple features that enable more and better detection, prevention, and remediation. It’s also why we created LANDESK Workspaces for the Security Admin. It provides consolidated, comprehensive information about vulnerabilities, threats, and available patches, via a flexible, visual interface.

Whether or not your company sells online, cyber threats are many, varied, and dangerous to your users, your critical information resources, and your organization as a whole. To begin improving your protections today, read my colleague Brent Bluth’s blog post, I.T.’s a Real Ditch Sometimes: Time to Make a Switch, which discusses the importance of patching to your multi-layered cybersecurity efforts. Then, learn more about our solutions, online or from your LANDESK, Shavlik, or AppSense representative. Together, we can make your enterprise more secure and resistant to even the most modern, powerful cybersecurity threats.