Hotels and Resorts are Hackers’ Latest Preferred Choice
Trustwave, a security technology and consulting company released a new report, which emphasizes hotel industry currently becoming cyber-criminals' preferred target. The company's research and investigation unit SpiderLabs that investigated data breaches during 2009 found that 38% of them involved resorts and hotels.
This changed attention on the hotel sector represents computer criminals' shift towards increasingly targeted attacks replacing the random or opportunistic ones. The switch underscores the rising stress by PC hackers towards capturing payment card information available at resorts and hotels. It also emphasizes that their malware along with attack methods are growing in sophistication.
Moreover, according to Trustwave's breech investigation data, the second biggest hacked sector in 2009 was the financial service sector, which suffered 19% of the total infringements. The third category being targeted most was food-and-beverage industry, experiencing 13% of the total breaches.
Researchers explained that after acquiring admission into a personal computer, hackers in these assaults have to work more for actually stealing the desired data. SpiderLabs found that in 54% of the investigated incidences, hackers tried to capture data during transmission, utilizing four major types of malicious software. Significantly, the most frequently-used malware were memory parsers, applied in 67% of such incidences.
Experts added that memory parsers follow Random Access Memory, used in debit or credit card transaction process, and then do data-parsing of the information, which they're supposed to hunt.
One more instance of hackers' increasing technological strength is apparently associated with this alleged credentialed malware, which though being uncommon, account for 6% of all malicious software. Hackers load this malware onto their target computers while charging a price from other criminals to enable access to them. The access is done through the entry of usernames and passwords that return accurate responses to challenging queries, alternatively through the use of associated verification protocols.
It is revealed that in most of the cases, the cyber goons used different yet old methods to sneak peak into their victim's systems, Furthermore, Trustwave found that hackers in the attacks exploited software flaws as-old-as 10 years that though had related patches, but the latter weren't updated.
Experts commented that when organizations hear about fresh attacks as-old-as 5-7 months, they patch their systems, but that does not immunize them against 10-year-old attacks.
» SPAMfighter News - 11-02-2010