RAM scrapers were the fifth-most-common threat action in 2009, but then fell to the bottom of the top 20 list until last year, when they rose to the number four position.
Once installed on a POS terminal, RAM-scraping malware programs monitor the system's random access memory (RAM) for transaction data in clear text, before such information is processed and encrypted.
In almost all cases of POS-related data breaches in 2013 the intrusion was reported to the victim organizations by third parties, with notifications by law enforcement and external fraud detection systems being the leading causes of discovery. This means organizations typically learn about POS breaches after attackers begin exploiting the stolen data for financial gain.
Compared to previous years, the new edition of Verizon's Data Breach Investigations Report is more actionable. The company has included recommended security controls for each of the nine major incident patterns it has identified: POS intrusions, Web application attacks, insider misuse, physical theft and loss, miscellaneous errors, crimeware, card skimmers, denial-of-service attacks and cyber-espionage. This could help organizations in different industry sectors prioritize certain defenses depending on the attacks they're more likely to face.
For example, companies from the accommodation and retail sectors will learn from the report that they're likely to be the target of POS intrusion attempts and could focus on the recommended controls for that threat. Those include restricting remote access to POS systems and enforcing strong password policies; prohibiting Web browsing, email and social media use on POS terminals; installing antivirus programs on POS systems; monitoring network traffic to and from POS terminals, and using two-factor authentication for authenticating third-party and internal users to such systems.
Sign up for Computerworld eNewsletters.