2014-08-11

August 5, 2014 | By Fred Donovan

The Backoff malware, detailed in a US-CERT alert on Friday, has already infected point-of-sale, or POS, systems at 600 retailers, according to security firm Trustwave.

Some of the 600 retailers are large retail chains, Karl Sigler, threat intelligence manager at Trustwave, tells TIME magazine. The Department of Homeland Security, which worked with Trustwave and other federal agencies in uncovering the Backoff malware, declined to comment on Sigler’s estimate.

As reported by FierceITSecurity, the Backoff malware is able to infect POS systems through remote desktop software used by retailers to enable remote workers to access their corporate networks. Once the cybercriminals find this software, they launch brute force attacks against its login feature, gain access to the networks, deploy the malware, steal customer payment data and hide the theft using encryption.

All of the retailers identified as being infected with the malware are aware of the breach, says Trustwave.

Backoff is just one of a number of POS malware attacks over the last few years, notes Jaime Blasco, labs director of security startup AlienVault. He says that most remote desktop software uses common usernames and passwords by default, which are often not changed by the retailers.

“The lessons to learn from the latest retailer breaches are: don’t expose critical systems such as POS devices to the Internet, especially if you are running Remote Desktop or similar. If for some reason you have to do it, try to create access lists so that only certain IP addresses can access those devices and use strong passwords or even two-factor authentication. Lock all the data and monitor all of your network traffic. Deploy detection technology to be able to look for suspicious traffic,” Blasco writes in a statement emailed to FierceITSecurity.
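The remote-desktop brute forcing described above and two of Blasco's countermeasures (source-IP access lists and looking for suspicious traffic) can be illustrated with a small detector. This is an added example, not code from the article or from Trustwave, AlienVault or US-CERT: it runs over constructed logon records in a hypothetical format, treats the 10.20.0.0/24 range as the assumed permitted admin network, and flags remote-desktop logon failures that pile up from one source, a success that follows such a run, and any remote-desktop logon from a source outside the access list.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

# Constructed record format (not from the article or any product); logon
# type 10 is Windows' RemoteInteractive (RDP) type, so only it is inspected.
SAMPLE_LOG = [
    "2014-08-01T02:00:00 FAIL user=admin src=203.0.113.7 type=10",
    "2014-08-01T02:00:05 FAIL user=admin src=203.0.113.7 type=10",
    "2014-08-01T02:00:10 FAIL user=pos src=203.0.113.7 type=10",
    "2014-08-01T02:00:15 FAIL user=pos src=203.0.113.7 type=10",
    "2014-08-01T02:00:20 FAIL user=administrator src=203.0.113.7 type=10",
    "2014-08-01T02:00:25 SUCCESS user=administrator src=203.0.113.7 type=10",
    "2014-08-01T09:15:00 SUCCESS user=vendor src=10.20.0.15 type=10",
    "2014-08-01T09:16:00 FAIL user=clerk src=10.20.0.30 type=2",
]

FAIL_THRESHOLD = 5             # this many failures from one source ...
WINDOW = timedelta(minutes=2)  # ... inside this window is treated as brute force
ALLOWED_SOURCES = [ip_network("10.20.0.0/24")]  # assumed admin/vendor range

def parse(line):
    ts, outcome, rest = line.split(" ", 2)
    kv = dict(f.split("=", 1) for f in rest.split())
    return datetime.fromisoformat(ts), outcome, kv["src"], int(kv["type"])

def is_allowed(src):
    """Access-list check: does the source fall inside a permitted network?"""
    return any(ip_address(src) in net for net in ALLOWED_SOURCES)

def detect(lines):
    """Return (alert kind, source ip, timestamp) tuples in log order."""
    alerts, failures, flagged = [], defaultdict(deque), set()
    for line in lines:
        ts, outcome, src, logon_type = parse(line)
        if logon_type != 10:
            continue  # console and other local logons are out of scope
        if not is_allowed(src) and src not in flagged:
            flagged.add(src)  # report each unlisted source once
            alerts.append(("rdp-from-unlisted-source", src, ts))
        recent = failures[src]
        while recent and ts - recent[0] > WINDOW:
            recent.popleft()  # forget failures older than the window
        if outcome == "FAIL":
            recent.append(ts)
            if len(recent) == FAIL_THRESHOLD:
                alerts.append(("brute-force", src, ts))
        elif len(recent) >= FAIL_THRESHOLD:
            alerts.append(("success-after-brute-force", src, ts))
    return alerts
```

On the sample log the unlisted source 203.0.113.7 produces three alerts in sequence, and the vendor's logon from the permitted range and the local console logon produce none.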

Eric Chiu, president and co-founder of cloud security firm HyTrust, agrees. “Companies need to shift their approach to security from an ‘outside-in’ mentality of perimeter-based security to an ‘inside-out’ model where they assume the bad guy is already on the network. Access controls, role-based monitoring and data encryption are critical requirements to protect critical systems from insider threats,” Chiu says in a statement emailed to FierceITSecurity.

(Source – FierceItSecurity)
