A new malware has been spotted that affects cloud-based point-of-sale software, . The malware is being called POSCLOUD, and it targets software used the most by small businesses.
The malware was discovered by IntelCrawler, a cyber intelligence company.
"We identified it right after a pretty big botnet takedown and think that it was developed specially by cybercriminals in private [circles] to attack cloud-based environments, and hunt for IDs and customer data, including credit cards," IntelCrawler CEO Andrew Komarov told SC Magazine.
The hacking tool works by logging the keystrokes that a user makes when entering information, as well as grabbing screenshots to monitor personal data. The information taken is then sold on the black market. Komarov said that he expects to see a larger number of this type of malware.
"The niche of cloud-based technologies for retailers supporting integration with POS equipment is pretty insecure, especially for small businesses," Komarov told SC Magazine.
According to Komarov, a large number of cloud-based POS systems were compromised, judging from the code, which looks for network connections to specific cloud-based POS providers.
Another Hack Technique on the Rise for Small Businesses
Attacks that affect small businesses can cost , according to Inc. Magazine. They are not immune to hacks. On the contrary, there are cyberattacks geared especially for them.
Structured Query Language (SQL) injection hacks have become a major concern for small businesses, . These cyberattacks involve sending code that takes over a database, as SQL is a special language used for communicating with databases. These databases can hold information ranging from employee records to customer information. A SQL injection attack works by sending malicious SQL code into a database to hack into it. Once the database is breached, a cybercriminal can then download information from it at will, and sell the information on the black market.
According a survey by Ponemon Institute, reported by Inc Magazine, 65 percent of organizations surveyed had been breached by a SQL injection attack. Additionally, out of all the breaches reported by respondents, 42 percent involved SQL injections.
The key takeaways are that IT professionals, even in small businesses, must maintain constant vigilance over their database networking, looking for SQL attacks. Additionally, they must encrypt all of the information that goes into their database to help slow down hackers from selling the information on the black market. Furthermore, staff that has access to IT systems must be made aware of any possible attacks, including SQL attacks.