Every now and then hackers develop a piece of malware that is so insidious that it changes the landscape of computer security and acceptable practices.
While there are many contenders for this dubious list, CodeRed, Zeus, and now Backoff are certainly worthy of inclusion. In 2001, CodeRed highlighted the need for servers to be patched regularly and to be isolated in a DMZ (demilitarized zone). Introduced in 2007 (with variants still active today), Zeus demonstrated how well organized hacker communities were and how easily man in the middle attacks could be used to compromise sensitive financial data.
Today, Backoff is ruining the reputation of many retail businesses and reeking havoc financially through the theft of credit card data. In fact, Backoff has garnered the attention of the U.S. Department of Homeland Security (DHS).
Wanting to warn retail businesses of the danger of this malware, the DHS released an advisory entitled, “Backoff: New Point of Sale Malware”. In the document, retailers are warned of how hackers are using this software after they penetrate a Point of Sale Network that uses insecure remote access.
Specifically, the document mentions Microsoft’s Remote Desktop, Apple Remote Desktop, Chrome Remote Desktop, Splashtop, Pulseway, LogMeIn, and Join.Me.
However, it is important to note that any remote access software that is not managed in a secure fashion could be used to compromise a system. Regardless of the remote access platform that is penetrated, hackers often find that they have administrative privileges on the remote machines once they connect, so it is simple for them to upload the Backoff malware at that point and begin the theft of credit cards.
Backoff works by allowing further remote control of the infected system, grabbing credit card data out of memory, writing files with sensitive authentication data, and transmitting the stolen information using standard HTML posts.
There is nothing particularly innovative about how Backoff works, but the completeness of its design and simplicity has allowed some of the biggest credit card thefts in history.
Hackers can easily obtain a copy of Backoff from the Internet; it is streamlined so that it causes few issues installing it on a remote machine; and it was well written so that it is extremely effective at stealing data once it is in place.
The key to defeating Backoff is by embracing basic security measures which too many retailers have ignored regardless of initiatives like the Payment Card Industry Data Security Standard (PCI).
First and foremost, make sure that remote access is secure. This includes using 2 factor authentication, strong passwords, and unique credentials so that activity can be tracked back to a specific user. For Netsurion customers, this would be our Secure Remote Access SSL VPN.
In addition, make sure that you have a good firewall protection program that incorporates limiting both inbound and outbound traffic to the minimum that is necessary. Again, Netsurion customers receive this service with our Threat Management solution. Whether or not you use security provided by us, you should review your practices to make sure that you are protected.
Malware will continue to be a significant issue for retailers for the foreseeable future, and it is key that retailers become aware of how to secure their environments. It would be irresponsible to ignore the problem or pretend that it could never happen to your businesses.
Software solutions such as anti-virus programs are usually between 6 to 12 months behind major malware releases, so it is necessary to embrace a more holistic approach when looking to protect your business. Taking the proper steps today will help you avoid joining the ever increasing list of businesses who realize that they are a hacker’s latest victim, and that is the goal of any security program.
We’ve expanded our MDR capabilities with enhanced incident response and security services to better protect against evolving cyber threats.