By Charles Leaver

As criminals seek to further monetize malware, duty of protection falls on CEOs

Hackers are currently working to tailor malware to a broader base of buyers. The likely increase in malicious threats this will lead to puts added pressure on companies to implement endpoint threat detection and response mechanisms or else risk attack. And when it comes to such protection, the burden of responsibility should be shouldered by enterprise executives.

Criminals increasingly building malware to sell
There was a time when cyber criminals operated on a much smaller base, and focused on carrying out the attacks they’d created. But now, the distribution of malware is as thriving an industry as any, and this lucrative form of criminality only looks to be on the upswing, according to CSO.

The source reported that malware authors are increasingly working to make more versatile malicious strains in order to heighten the appeal to prospective buyers, many of whom are people active in the criminal underworld.

The solution for criminal authors to meet this demand has been to create strains of all-encompassing malware that carry out a series of tasks and act as a self-sustaining money extraction mechanism. One example of this is a strain called Soraya, which can be deployed not only to target cash register and other point-of-sale systems, but also to actively erase consumer credit and debit card information in a function called memory scraping.

“It’s sort of an all-in-one package for the malware authors,” research analyst Matthew Bing said of Soraya. “Previously, RAM (random access memory) scrapers had just grabbed any 16-digit long string, but this one, Soraya, is just a little bit more sophisticated.”

Soraya’s success has been demonstrated through a series of attacks that have led to the theft of thousands of payment cards. The presence of Soraya, coupled with the fact that sophisticated, multipurpose strains like it will become more common as criminals increasingly deploy monetization strategies, puts pressure on companies to defend themselves.

Responsibility for company security rests at the very top
Gone are the days when a CEO could consign all virtual security issues to the company IT department. As SC Magazine senior reporter Doug Drinkwater pointed out, the duty to oversee and administer endpoint protection and response measures goes to the very top of any business.

This is not only because malware poses an unprecedented threat to all kinds of businesses, but also because when breaches do occur, public scrutiny will unfailingly fall on the men or women at the top. Nowhere has this been more starkly illustrated than in the case of Target, whose CEO and CIO both stepped down in the wake of its breach.

Fortunately for executives, the task of maintaining robust endpoint security and control is not an especially cumbersome one if a company equips itself with strong defensive software. The key for all companies is to always keep the issue of enterprise security on the table. No company can afford to be complacent when it comes to putting safeguards in place.
