By : John Pearson
January 23, 2015 03:14 PM
Beware of Backoff POS Crimeware

On July 31, 2014, the United States Department of Homeland Security published an advisory about new crimeware targeting businesses that accept, process, or transmit credit card data. This new crimeware, called Backoff, is a tool used by criminal hackers to take advantage of insecure remote access software, deficient networks, and weak user credentials, with the intent to gain access to key environments such as Point of Sale (POS) systems, where the criminal hackers can collect, steal, and monetize data.

Backoff searches the Internet for locations using remote access software such as, but not limited to, Apple Remote Desktop™, Chrome Remote Desktop™, LogMeIn®, Microsoft® Remote Desktop, and more. Once found, it allows criminal hackers to brute force user accounts through the remote access software. It also provides tools that take advantage of deficient networks and unpatched operating systems to gain access to machines within the environment. If the criminal hackers can gain access to the machines, they can then deploy memory-scrapers and key-loggers that allow them to scan active memory for its contents and track keystrokes, mouse moves, and screen touches to capture any and all data entered.

How can you protect yourself?

To protect your business, follow the guidelines provided by PCI DSS, specifically a layered security approach that includes:
Following one or two of these guidelines alone is not enough to secure your environment. For example, a site deployed with a managed firewall and anti-virus or whitelisting, but using insecure remote access software, can still be compromised. The remote access software negates the protection of the firewall and anti-malware solution. If the remote access software is not configured for multi-factor authentication, brute force attacks can discover user accounts and passwords that will allow system access. Once system access is granted, Backoff can install memory-scrapers and key-loggers.

The Backoff crimeware in most cases cannot be detected by anti-virus, and whitelisting software can be deceived by Backoff if defects in unpatched software or operating systems exist. Remote users can run malicious code by posing as valid applications such as Windows® Explorer, or by taking advantage of vulnerabilities to disguise the crimeware through code injection, even if whitelisting is in place. Thus a layered approach of managed firewall, secure remote access, strong user credentials, updated software, anti-malware, and logging is required for protection.

All systems, including POS systems, regardless of provider, can be targeted by Backoff. It is the layers of security deployed to each system that determine whether it is vulnerable to the attack vectors used by Backoff. Review your environment today to make sure your systems have the layers of protection needed. Please contact your NCR representative for details on NCR solutions and how NCR can help you improve the security of your business. Let us know if this information was helpful in the comments below.
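Logging is one of the layers listed above; as an added example (not code from the post or from NCR), the Python below shows the kind of check a defender would run over remote-access logon events to spot the credential brute forcing described above: it flags a source that generates a burst of failed remote logons and notes whether a successful logon from that source followed. The log layout is a constructed simplification; the event IDs and logon type are the Windows Security log values for failed logon (4625), successful logon (4624) and RemoteInteractive sessions (10).

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real data): "timestamp event_id logon_type user source_ip".
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive (RDP).
SAMPLE_LOG = """\
2015-01-22T02:14:05 4625 10 admin 198.51.100.23
2015-01-22T02:14:07 4625 10 administrator 198.51.100.23
2015-01-22T02:14:09 4625 10 pos 198.51.100.23
2015-01-22T02:14:11 4625 10 posuser 198.51.100.23
2015-01-22T02:14:13 4625 10 manager 198.51.100.23
2015-01-22T02:14:15 4625 10 cashier 198.51.100.23
2015-01-22T09:30:00 4625 10 jsmith 203.0.113.8
2015-01-22T09:31:10 4624 10 jsmith 203.0.113.8
2015-01-22T02:14:20 4624 10 pos 198.51.100.23
"""

LINE_RE = re.compile(r"^(\S+) (\d+) (\d+) (\S+) (\S+)$")

def parse_events(text):
    """Parse the simplified log layout into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts, event_id, logon_type, user, src = m.groups()
        events.append({"ts": datetime.fromisoformat(ts), "event_id": int(event_id),
                       "logon_type": int(logon_type), "user": user, "src": src})
    return events

def find_brute_force(events, threshold=5, window=timedelta(minutes=5)):
    """Flag source IPs with >= threshold failed remote logons inside `window`; each alert
    records the user names tried and whether a later successful logon followed the burst."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):  # sort: logs may arrive out of order
        by_src[e["src"]].append(e)
    alerts = {}
    for src, evs in by_src.items():
        failures = [e for e in evs if e["event_id"] == 4625 and e["logon_type"] == 10]
        for i, first in enumerate(failures):
            burst = [f for f in failures[i:] if f["ts"] - first["ts"] <= window]
            if len(burst) >= threshold:
                last_fail = burst[-1]["ts"]
                alerts[src] = {"failures": len(burst),
                               "users": sorted({f["user"] for f in burst}),
                               "success_after": any(e["event_id"] == 4624 and e["ts"] > last_fail for e in evs)}
                break
    return alerts
```

A source that is flagged with `success_after` set is the case the post warns about: the guessing reached a valid account, so the session that followed is the one to investigate first.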