POS Malware Declines in 2016 as Spam Volume Grows, SonicWall Reports

Data from SonicWall indicates a dramatic decline in the volume of Point-of-Sale malware, though attacks are still occurring. Meanwhile, spam volumes are rising.

Download the authoritative guide: The Ultimate Guide to IT Security Vendors

During the 2013 holiday season, U.S retailer Target revealed that it was the victim of a massive data breach, triggered in part by Point-of-Sale (POS) malware.

In 2014 and 2015, POS malware was identified as a major issue impacting hundreds of retailers, but now in 2016 according to new data from SonicWall provided to eWEEK, it appears as though POS malware might be on the decline.

According to data collected from the SonicWall Threat Intelligence Global Response Intelligent Defense (GRID) Network, there has been a 92 percent decline in POS-based attacks since 2014.

"What we have observed is a reduction in the number of new malware variants that are targeting POS systems," Bill Conner, president and CEO, SonicWall said.

Conner became CEO of SonicWall at the beginning of the month, as the company began its existence as a privately-held organization separate from Dell. SonicWall's GRID network pulls in data from over 1 million security sensors in nearly 200 countries and territories.

In 2014, when POS malware first emerged as a big security issue, the U.S Secret Service identified the BackOff malware family as a key threat infecting thousands of retailers. Conner commented that SonicWall's research currently identifies the most popular POS malware for 2016 as AbaddonPOS and PunkeyPOS, though he noted that POS has declined so much that SonicWall isn't seeing much activity on those POS malware families either.

As to why POS malware is declining, SonicWall's research provides a few clues.

"Based on our threat research, we theorize that larger retailers have upgraded their security with chip-based POS systems after the big data breaches of Target, Home Depot and others," Conner said. "What we are seeing is a shift of focus away from POS-based attacks to other more lucrative forms of monetizing malware such as ransomware."

Though SonicWall's data shows a decline in POS malware, POS breaches are still occurring. On Nov. 22, the Madison Square Garden Company publicly disclosed that it was the victim of a payment processing system breach of its systems that lasted from Nov. 9, 2015 until Oct. 24, 2016 The breach impacts payment cards used to purchase merchandise and food and beverage items at Madison Square Garden, the Theater at Madison Square Garden, Radio City Music Hall, Beacon Theater, and Chicago Theater.


While POS malware is on the decline, SonicWall is seeing a 110 percent increase in spam volume for 2016 in comparison to 2015.

"What we are reporting is that our internal spam honeypots have seen a marked increase in spam messages related to Black Friday compared to the same period in 2014 and 2015," Conner said. "This is simply an observation that based on one albeit limited date range, we are seeing the same trend around shopping related Spam messages during the holiday season."

Overall SonicWall's researchers are expecting that spam volumes will follow historical patterns of growth over the Thanksgiving Day holiday. Conner explained that what SonicWall has seen in past years, in its own spam honeypots, is that spam picks up dramatically the Friday before Thanksgiving in the US. It continues to grow through the week, peaking on Cyber Monday and then falls back to relatively normal patterns three days after Cyber Monday.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist

Sean Michael Kerner

Sean Michael Kerner

Sean Michael Kerner is an Internet consultant, strategist, and contributor to several leading IT business web sites.