humble3d Posted October 28, 2014

Backoff PoS Malware Boomed In Q3

The security firm Damballa detected a 57% increase in infections of the notorious Backoff malware from August to September.

Try as they might, retailers don't seem to be able to get the Backoff malware to actually back off.

According to a new report from the security firm Damballa, detections of the notorious point-of-sale (PoS) malware jumped 57% from August to September. During the month of September alone, Backoff infections increased 27%.

This year, the Secret Service estimated that as many as 1,000 US businesses may be infected by the malware. That list of impacted businesses features some big names, including United Parcel Service (UPS) and Dairy Queen.

According to Damballa, the increase demonstrates that the malware is bypassing network prevention controls, and it underscores the importance of ensuring that PoS traffic is visible.

"In many cases, the PoS systems are free-standing from the corporate network," says Damballa CTO Brian Foster. "They connect to local networks, which have limited security. Without this visibility, it's impossible to discover the device is communicating with criminal command and control."

In addition, many PoS devices are accessible via remote access software for tasks such as software upgrades and patches, providing yet another avenue for compromise, Foster says.

In an advisory issued this summer, US-CERT said that attackers were using remote desktop tools such as Splashtop 2, LogMeIn, and Apple Remote Desktop as a convenient way to deploy PoS malware and steal data.

Curt Wilson, senior research analyst for Arbor Networks' ASERT team, says companies that provide for the deployment and ongoing remote support to merchants that run PoS systems should implement strong security, because they are a target.

"If a PoS provider is compromised, the attackers typically obtain access to all their customer deployments via remote access capabilities, leading to complex, distributed compromise," Wilson says. "Strong authentication may provide an extra layer of defense in such a case, unless the strong authentication process is also compromised. Organizations, especially smaller to midsized organizations, should be aware of the potential of remote support being compromised."

All connectivity associated with PoS systems -- even connectivity that appears to be authorized -- should be audited on a regular basis, he says. Merchants purchasing PoS infrastructure should look into the provider's security posture and go elsewhere if they judge the security to be lax or if the appropriate contractual obligations cannot be met.

"Retailers should be implementing best practice security and application controls to prevent this type of malware," says Mike Davis, CTO of CounterTack. "Preventing outbound network connections except to known company owned servers… preventing the saving of data on the PoS except from the PoS software itself, and proper file and disk permissions would have prevented Backoff from working. The problem is, implementing all of this prevention is incredibly difficult, prone to errors, and takes a long time to deploy across the enterprise."

Foster says that, as long as Backoff continues to be effective, organizations should expect it to stick around. "Think of it as the malware du jour. As long as it works, threat actors will keep using it. As soon as its effectiveness diminishes, they will use something else."

http://www.darkreading.com/attacks-breaches/backoff-pos-malware-boomed-in-q3/d/d-id/1316957?
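The regular connectivity audit Wilson recommends, and the egress allowlist Davis describes, can be checked against firewall logs. The script below is an added example, not code from the article or any of the vendors quoted; the PoS subnet, the allowlisted networks and the log line format are all constructed for illustration.

```python
import ipaddress
import re
from collections import defaultdict
# Constructed (hypothetical) values: the PoS LAN, and the only destinations a terminal
# should reach outside it (payment gateway, PoS vendor update host, corporate SIEM).
POS_LAN = ipaddress.ip_network("10.20.0.0/24")
ALLOWED_EGRESS = {
    "payment-gateway": ipaddress.ip_network("203.0.113.0/24"),
    "pos-vendor-updates": ipaddress.ip_network("198.51.100.10/32"),
    "corp-siem": ipaddress.ip_network("10.10.0.5/32"),
}
# Constructed firewall log format; only src, dst and dport matter for the audit.
LOG_RE = re.compile(r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)")

def classify(line):
    """'allowed'/'unexpected' for a PoS flow leaving its LAN; None if not such a flow."""
    m = LOG_RE.search(line)
    if not m:
        return None
    src, dst = ipaddress.ip_address(m["src"]), ipaddress.ip_address(m["dst"])
    if src not in POS_LAN or dst in POS_LAN:
        return None  # not a PoS terminal, or traffic that stays on the local network
    if any(dst in net for net in ALLOWED_EGRESS.values()):
        return "allowed"
    return "unexpected"

def audit(lines):
    """Map each PoS host to the (dst, dport) pairs it reached that are not allowlisted."""
    findings = defaultdict(set)
    for line in lines:
        if classify(line) == "unexpected":
            m = LOG_RE.search(line)
            findings[m["src"]].add((m["dst"], int(m["dport"])))
    return {host: sorted(pairs) for host, pairs in findings.items()}

def shared_destinations(findings):
    """Unlisted destinations reached by more than one terminal: the first thing to review."""
    hosts = defaultdict(set)
    for host, pairs in findings.items():
        for dst, _ in pairs:
            hosts[dst].add(host)
    return {dst: sorted(h) for dst, h in hosts.items() if len(h) > 1}

SAMPLE_LOG = [  # constructed sample lines, not real traffic
    "2014-09-12T03:14:07Z src=10.20.0.7 dst=203.0.113.44 dport=443 proto=tcp action=allow",
    "2014-09-12T03:14:20Z src=10.20.0.7 dst=10.20.0.1 dport=53 proto=udp action=allow",
    "2014-09-12T03:15:31Z src=10.20.0.7 dst=192.0.2.77 dport=8080 proto=tcp action=allow",
    "2014-09-12T03:16:02Z src=10.20.0.9 dst=192.0.2.77 dport=8080 proto=tcp action=allow",
    "2014-09-12T03:16:40Z src=10.10.0.5 dst=10.20.0.7 dport=3389 proto=tcp action=allow",
]
```

Every flow reported by `audit` is one the merchant has to either explain and add to the allowlist or block at the egress firewall; the same check also exposes connections that look authorized but were never approved.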