Two news stories kept cybersecurity in the spotlight this week – the discovery of new point-of-sale malware, and a new survey that revealed almost 90% of IT executives fear their companies are unprepared for data incursions.

The Chicago-based information security company Trustwave uncovered a POS memory-scraper malware dubbed “Cherry Picker.” Trustwave is currently analyzing one case of Cherry Picker, which has been undetected by antivirus systems and security companies since 2011. It has targeted the food and beverage industry, but Trustwave warned any business with a POS application processing credit card numbers is at risk.

Similar to how a cherry picker positions himself to make an easy goal in a basketball or soccer game, the malware scouts an infected system and pinpoints exactly which processes to target in order to successfully steal credit card information.

“The configuration specifies a target process that it expects to be loaded in,” Eric Merritt, security researcher for Trustwave, wrote in a blog post. “If the parent process does not match the name specified by this field, the malware will exit.”

The malware can also steal privileged credentials, allowing criminals remote access to a customer's network – something that has become a trend in the cybercrime space.

Cherry Picker uses configuration files, encryption, obfuscation and command line arguments to stay away from companies' radars, giving the malware a very low detection rate. Trustwave also learned the malware has consistently improved and morphed into three slightly different variations since 2011, making it even more difficult to detect.

In a 2014 report, security vendor Symantec identified POS malware as one of cybercriminals' most commonly used methods for stealing payment card data. Criminals utilized POS malware under the radar since 2005 or earlier, but when massive data breaches occurred in 2013 and 2014, compromising more than 100 million payment cards, the full magnitude of the problem became apparent, Symantec said. The increasing accessibility of fairly cheap, ready-to-use POS malware kits has only worsened the threat.

Meanwhile, a survey of IT security professionals from the Needham, Mass.-based security firm Promisec found endpoint security solutions continue to lag, failing to provide protections or detections adequate enough to mitigate security threats.

A majority of IT executives surveyed also indicated a heightened fear of a security breach in the coming year and acknowledged a rapidly shifting security landscape, which now includes endpoint security.

An alarming 89% of IT executives have a heightened fear of a breach taking place over the next year, while 74% of respondents said traditional anti-virus defenses no longer address advanced, targeted threats.

The survey also found 82% are either “highly” or “moderately” concerned about a potential security breach in the next year, while only 31% say they are “well prepared” for a cyber-attack. A majority of respondents (73%) consider endpoints – such as desktops, laptops and mobile devices – to be the “most vulnerable” part of a network. And, in spite of a significant concern for potential data breaches and the value of endpoint security, most companies' defenses are inadequate.

“Results from our survey indicate that for many companies, endpoints remain highly vulnerable to a cyber-attack as threat levels continue to rise,” Dan Ross, CEO of Promisec, said. “We continue to see a new breed of more complex and sophisticated threats, where traditional blocking and prevention mechanisms, such as firewall, anti-virus and anti-malware software, are no longer enough to keep our networks safe.”
