DID YOU KNOW ABOUT BACKOFF POINT-OF-SALE MALWARE?

So, did you know about Backoff Point-of-Sale Malware? If you did, how much did you know about it and what steps have you been taking to combat a possible threat?

POS Hack: In vogue…

Point-of-Sale (POS) hack ranks high in the world of cybercrime. It’s most persisitent and highly successful and individuals as well as organised syndicates have been using it very effectively to steal credit card data and other personal data. Cybercriminals are vying with one another to steal critical data from retailers and thereby rob people of their money. Different types of malware have been found and anti-malware softwares too are in circulation, to combat these attacks.

Backoff Point-of-Sale Malware: An Introduction

It was about a couple of years ago, in July 2014, that the US Department of Homeland Security, in collaboration with the National Cybersecurity and Communications Integration Center (NCCIC), United States Secret Service (USSS), issued an alert about a new strain of malware, dubbed ‘Backoff’. The release stated- “The purpose of this release is to provide relevant and actionable technical indicators for network defense against the PoS malware dubbed “Backoff” which has been discovered exploiting businesses’ administrator accounts remotely and exfiltrating consumer payment data”.

What it is? How it works?

This malware, as per the alert issued by the Department of Homeland Security, was seen to be existing as three different variants and was there “as far back as October 2013”. The malware enables cybercriminals to scrap memory for track data, log keystrokes, command and control (C2) communication and inject malicious stub into explorer.exe. The advisory prepared by the Department of Homeland Security gives this explanation- “The malicious stub that is injected into explorer.exe is responsible for persistence in the event the malicious executable crashes or is forcefully stopped. The malware is responsible for scraping memory from running processes on the victim machine and searching for track data. Keylogging functionality is also present in most recent variants of “Backoff”. Additionally, the malware has a C2 component that is responsible for uploading discovered data, updating the malware, downloading/executing further malware, and uninstalling the malware.”

The result

The ultimate effect obviously is upon the consumer whose personal data and eventually hard-earned money gets stolen. At the same time businesses too bear the brunt of the attack. Their brand and reputation get affected and things go out of control for them, eventually leading to great falls.

Combating Backoff Malware

The following things can be done to mitigate risks to businesses as well as to individual consumers…

• Have a good, trusted anti-malware program, especially one that also tackles POS malware effectively.
• Review systems periodically for unknown and dormant users.
• Replace/update staff and default passwords with new, securer passwords. Remember, it’s not about passwords being easy, it’s about passwords being secure and hard to crack.
• Limit numbers of users who log in using Remote Desktop.
• Opt for two-factor authentication (2FA) for remote desktop access.
• Change the default Remote Desktop listening port and thwart entry of cybercriminals who try to gain access by searching for default port used by remote desktop applications.
• Do the payment processing through a different network, to minimise risks.
• Make sure there is a regular logging of events and that there is a process to monitor logs daily.

These and certain other steps can be taken to minimise risks that can be caused by the Backoff Malware.

IT Inventory

Be Sociable, Share!

• 
•