What is Backoff Malware?
Backoff malware is a memory-scraping malware that lets attackers steal credit card data from retail point-of-sale machines. Security experts have learned through the Secret Service that businesses in the United States have had their networks compromised by Backoff malware.
It was developed by criminals to capture sensitive cardholder data (Track 2 data) read from the card's magnetic stripe by POS magnetic stripe readers. The Track 2 data holds the primary account number and the customer's PIN (Personal Identification Number). Attackers use the stolen Track 2 details to clone counterfeit credit cards.
Backoff malware's main capabilities are:
- Scraping credit card data from memory
- Logging keystrokes
- Injecting a malicious stub into explorer.exe
Backoff Malware Variants
Attackers have rolled out the following five new Backoff malware variants.
The variants were modified with the following tweaks:
- A local .dat file is used as temporary storage for discovered track data
- A keylogging function is added
- A "gr" POST parameter is added to carry the variant name
- New capability to exfiltrate keylog data
- The install path has been changed
- Uses multiple exfiltration domains
- Changed User-Agent string
- Attempts to delete the prior version of the malware
- Uses 184.108.40.206 as the resolver
- This variant changes the URI and version name, with few other updates
- This version removes the explorer.exe injection component
- This variant re-adds the explorer.exe injection component
- Supports multiple domain/URI/port configurations
- The modified code is responsible for creating the exfiltration threads
Impact of POS Malware
Backoff malware hit many types of businesses, including:
- Franchise restaurants
- Big-box retailers
- Nonprofit organizations
- Shipping companies
- Luxury department stores
- Office supply stores
- Parking service companies
- Many others
All of these businesses used a third-party POS vendor and software to handle transactions, and all of them handled consumer credit card information.
How to Protect POS Applications from Backoff Malware
Refine your POS security with multi-layered protection
Backoff POS malware relies on remote desktop platforms. With this in mind, retailers should harden the security of any remote desktop tools they use.
1. Remote Desktop Access
- Remove all instances of any installed software that is not needed; where it is needed, restrict its use to the users who require it.
- Restrict remote desktop access to only those users who need it to do their job.
- Require users to follow effective security policies while connected over remote desktop.
- Enforce two-factor authentication (2FA) for remote desktop access.
- Review systems (local systems and domain controllers) at regular intervals.
2. Network Security
- Evaluate firewall configurations and make sure that only permitted ports and Internet Protocol (IP) addresses can communicate with your network. This prevents attackers from exfiltrating data to their own IP addresses.
- Segregate the payment processing network from other networks.
- Deploy prevention/detection tools to block data exfiltration and to detect suspicious network traffic and abnormal behaviour by authorized users.
- Use access control lists (ACLs) in router configurations to limit unauthorized traffic into the networks that handle payment processing.
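As an added illustration of the egress-filtering advice above (not part of the original article and not Comodo's code), the following Python script checks constructed proxy-style log lines from a hypothetical payment segment against an allowlist of permitted destinations, and also flags requests carrying the "gr" POST parameter mentioned in the variants section. All addresses, domains and log lines are made up.

```python
"""Egress allowlist check for a payment-processing network segment.

Flags outbound HTTP POSTs from POS hosts that go anywhere other than the
approved payment processor, which is the traffic the firewall and ACL
recommendations above are meant to block. Everything below is constructed
for illustration; adapt the parser to your own proxy or firewall log format.
"""
import re
from urllib.parse import parse_qs, urlsplit

PAYMENT_SEGMENT_PREFIX = "10.20.30."                            # hypothetical payment VLAN
ALLOWED_DESTINATIONS = {"gateway.example-processor.test:443"}  # hypothetical processor

# Constructed log format: "<src_ip> <dst_ip:port> <METHOD> <url>"
LOG_LINE = re.compile(r"^(?P<src>\S+) (?P<dst>\S+) (?P<method>[A-Z]+) (?P<url>https?://\S+)$")

SAMPLE_LOGS = [  # constructed sample lines
    "10.20.30.11 203.0.113.5:443 POST https://gateway.example-processor.test:443/auth",
    "10.20.30.12 198.51.100.7:80 POST http://updates.example.test/windebug/updcheck.php?gr=v1&id=abc",
    "10.20.30.13 198.51.100.9:8080 POST http://cdn.example.test:8080/aj.php",
    "10.20.40.5 203.0.113.44:443 POST https://crm.example.test:443/api",  # not in payment segment
    "garbage line that does not parse",
]

def destination(url):
    """Normalize a URL to host:port so it can be compared with the allowlist."""
    u = urlsplit(url)
    port = u.port or (443 if u.scheme == "https" else 80)
    return f"{u.hostname}:{port}"

def check_egress(lines, segment_prefix=PAYMENT_SEGMENT_PREFIX, allowed=ALLOWED_DESTINATIONS):
    """Return (findings, unparsed): findings for POSTs from the payment segment
    that leave for a non-allowlisted destination or carry a 'gr' parameter."""
    findings, unparsed = [], []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            unparsed.append(line)          # keep unparsed lines visible, never drop silently
            continue
        if not m["src"].startswith(segment_prefix) or m["method"] != "POST":
            continue                       # only outbound POSTs from payment hosts matter here
        dest = destination(m["url"])
        reasons = []
        if dest not in allowed:
            reasons.append("destination not on payment-segment allowlist")
        if "gr" in parse_qs(urlsplit(m["url"]).query):
            reasons.append("request carries a 'gr' parameter")
        if reasons:
            findings.append({"src": m["src"], "dest": dest, "reasons": reasons})
    return findings, unparsed

if __name__ == "__main__":
    found, bad = check_egress(SAMPLE_LOGS)
    for f in found:
        print(f"{f['src']} -> {f['dest']}: {'; '.join(f['reasons'])}")
    print(f"{len(bad)} unparsed line(s)")
```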
3. Cash Register and POS Security
- Install payment applications that comply with the Payment Application Data Security Standard.
- Use complex passwords to prevent application modification, and use two-factor authentication wherever possible.
- Hardware-based point-to-point encryption is recommended.
- Restrict access to unnecessary ports and services, null sessions and default users.
Comodo SecureBox – A Paradigm to Safeguard POS Applications from Backoff Malware
Comodo SecureBox offers an easy, lightweight, affordable way to protect your POS application from malware even when user sessions are running on infected endpoint devices.
SecureBox uses containment technology that wraps sensitive applications and data in a non-modifiable container; all other processes are treated as suspicious and denied access to the application, so your cardholder data stays safe. Contact us today to learn more.
Securing POS devices is a growing challenge, as point-of-sale malware attacks against POS systems are becoming more complex. Comodo SecureBox brings next-generation POS security techniques and an efficient endpoint protection solution to defy such resilient POS malware.