Point-of-sale (PoS) malware is not the leading cause of retail security incidents, according to IBM. While the U.S. Secret Service believes more than 1,000 retailers have been infected by PoS malware such as Backoff malware, IBM found that command injection vulnerabilities were the leading root cause of retail security incidents in 2014. Retailers reported approximately 6,000 command injection incidents in 2014.
Kuhn told eSecurityPlanet that command injection attacks work against Web applications rather than databases.
“Essentially Shellshock was a command injection. It’s simply injecting shell commands into a Web application with the hope that the backend system will execute the instructions,” Kuhn said. “An attacker would be looking for a flaw on the retailer’s website to accomplish the attack, normally targeting PHP and CGI-based applications.”
Read the full story at eSecurity Planet:
Black Friday Cyber Attacks Declined in 2014
Sean Michael Kerner is a senior editor at InternetNews.com. Follow him on Twitter @TechJournalist.