The holiday season is upon us, which by most standards means it's a time for good cheer, relaxation and not a care in the world. Unfortunately, computer hackers are planning to make this holiday time a bit less enjoyable than that of previous years.
As the emergence of Cyber Monday points to, consumer shopping habits have changed significantly in the past few years. More people do their shopping online now than ever before. That said, the very American tradition of waiting in line for days to buy a massive TV hasn't been ground into obsolescence just yet, and with holidays like Hanukkah, Christmas and New Year around the corner, stores can expect patrons to be crowding their aisles in droves searching for that perfect holiday present.
But if you thought hackers were just going to let this influx of in-store shopping go to waste, think again. According to Tom's Guide, a new and virulent strain of point of sale malware is circulating that could put a big damper on the holiday shopping spirit. The malware is called LusyPOS, and it's currently making the black market rounds for the cool price of $2,000. It is reported to be similar in functionality to the malware that hit a major retailer at the end of 2013. Given that it's almost the one-year anniversary of malware first attacking that major retailer, that's a rather unsettling thought.
"LusyPOS works by infecting point-of-sale machines in retail locations, and then 'scraping,' or collecting, the payment-card data as it's momentarily held in the device's RAM before encryption," stated Tom's Guide. "The data is then transmitted to a remote server, where the attackers operating the malware can access and use it."
So how much of a threat does this malware realistically pose in the near future? Apparently a pretty big one, considering that most antivirus programs aren't succeeding in detecting it. That's not a good sign, and it heightens the possibility that Lusy could worm its way into retail systems just in time for the holiday rush.
And that's not the worst part. According to security experts looking into Lusy, it's just one strain in a broader malware family that may very well evolve over the coming months and years. Therefore, even if Lusy doesn't do a lot of damage, it could only be the most preliminary iteration of malware that will grow into a much more formidable threat. For this reason, all businesses out there need to start getting prepared.
Many companies operate under the misconception that information security should be relegated to IT departments alone. That's just not true. Sure, a business' IT department will play an instrumental role in enacting robust cybersecurity, but that doesn't mean it can do it alone. For a business to truly ensure that its protection is top-of-the-line, it needs to be comprehensively guarded, and that starts with an effort on the part of business administrators to roll out the best defensive measures possible. Here are some other steps that should be taken to make sure your organization is practicing strong security: