Retailers warned of attacks using hard-to-spot PoS malware
Posted on 01.08.2014
Retailers, beware: cyber crooks are increasingly targeting remote desktop applications by brute-forcing passwords, and are using that access to plant hard-to-detect PoS malware that scrapes and exfiltrates consumer payment data via an encrypted POST request.

The PoS malware family in question is dubbed "Backoff" and has a number of variants. It was discovered only recently, but has been used in attacks against three different retailers since October 2013.

The malware is capable of scraping the memory of PoS systems for card track data, logging keystrokes, communicating with a C&C server and receiving instructions, downloading additional malware, exfiltrating the collected data, as well as injecting a malicious stub into the explorer.exe process in order to achieve persistence on the system.

US-CERT has issued a security advisory warning retailers that the "Backoff" malware family is largely undetected by AV vendors, but that detection signatures will be added by them in the coming days, and has urged retailers to update their AV solutions.

In the meantime, network administrators can apply the provided indicators of compromise to a variety of prevention and detection strategies, as well as implement risk mitigation recommendations regarding remote desktop access and cash register and PoS security (also provided in the advisory).
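The advisory's first mitigation target is the remote desktop brute forcing that gives the attackers their foothold. As an added example (not code from the article or from the US-CERT advisory), the script below flags a source that accumulates failed RDP logons inside a short sliding window, records which accounts it tried, and notes whether a successful RDP logon from the same source followed the burst. It assumes Windows Security log entries (Event ID 4625 for a failed logon, 4624 for a successful one, logon type 10 for RemoteInteractive/RDP) have already been exported as one `key=value` record per line; that export format and the sample records are constructed here.

```python
"""Flag remote desktop password brute forcing from exported Windows logon events.

Added example; not from the Help Net Security article or the US-CERT advisory.
The one-record-per-line key=value export format and the sample data are
constructed for this example. Event IDs and the logon type are real Windows
Security log values: 4625 = failed logon, 4624 = successful logon,
logon type 10 = RemoteInteractive (RDP).
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export: a burst of guesses against several accounts from one
# source, followed by a success, and an ordinary user mistyping a password twice.
SAMPLE_EVENTS = """\
2014-07-30T02:00:01 event=4625 src=198.51.100.23 user=administrator logontype=10
2014-07-30T02:00:04 event=4625 src=198.51.100.23 user=admin logontype=10
2014-07-30T02:00:07 event=4625 src=198.51.100.23 user=pos logontype=10
2014-07-30T02:00:09 event=4625 src=198.51.100.23 user=manager logontype=10
2014-07-30T02:00:12 event=4625 src=198.51.100.23 user=backup logontype=10
2014-07-30T02:00:15 event=4625 src=198.51.100.23 user=administrator logontype=10
2014-07-30T02:00:31 event=4624 src=198.51.100.23 user=administrator logontype=10
2014-07-30T02:05:00 event=4625 src=192.0.2.10 user=jsmith logontype=10
2014-07-30T02:05:20 event=4625 src=192.0.2.10 user=jsmith logontype=10
2014-07-30T02:05:40 event=4624 src=192.0.2.10 user=jsmith logontype=10
"""

RDP_LOGON_TYPE = 10
FAILED_LOGON = 4625
SUCCESSFUL_LOGON = 4624


def parse_event(line):
    """Parse one exported record into a dict with a datetime and typed fields."""
    ts_text, *fields = line.split()
    rec = {"ts": datetime.fromisoformat(ts_text)}
    for field in fields:
        key, value = field.split("=", 1)
        rec[key] = value
    rec["event"] = int(rec["event"])
    rec["logontype"] = int(rec["logontype"])
    return rec


def detect_rdp_bruteforce(lines, threshold=5, window_seconds=60):
    """Return {source_ip: alert} for every source that reaches `threshold`
    failed RDP logons within a sliding window of `window_seconds`.

    Each alert records the window's first and last failure, the peak number of
    failures seen inside one window, every account name the source tried, and
    whether a successful RDP logon from that source came after the burst.
    """
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)    # source -> timestamps of failures still in window
    accounts = defaultdict(set)    # source -> distinct account names tried
    alerts = {}
    for line in lines.splitlines():
        if not line.strip():
            continue
        ev = parse_event(line)
        if ev["logontype"] != RDP_LOGON_TYPE:
            continue
        src = ev["src"]
        if ev["event"] == FAILED_LOGON:
            q = recent[src]
            q.append(ev["ts"])
            accounts[src].add(ev["user"])
            # Drop failures that have aged out of the sliding window.
            while ev["ts"] - q[0] > window:
                q.popleft()
            if len(q) >= threshold:
                alert = alerts.setdefault(
                    src, {"first_failure": q[0], "success_after": False})
                alert["failures_in_window"] = max(
                    alert.get("failures_in_window", 0), len(q))
                alert["last_failure"] = ev["ts"]
                alert["accounts_tried"] = sorted(accounts[src])
        elif ev["event"] == SUCCESSFUL_LOGON and src in alerts:
            # A success after a guessing burst is the case worth paging someone for.
            alerts[src]["success_after"] = True
            alerts[src]["success_account"] = ev["user"]
    return alerts


if __name__ == "__main__":
    for src, alert in detect_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(src, alert)
```

The threshold and window are deliberately parameters: a busy jump host will need different values from a cash register that should see almost no interactive logons at all, and a success recorded after a flagged burst is the event to escalate first.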

"The impact of a compromised PoS system can affect both the businesses and consumer by exposing customer data such as names, mailing addresses, credit/debit card numbers, phone numbers, and e-mail addresses to criminal elements. These breaches can impact a business’ brand and reputation, while consumers’ information can be used to make fraudulent purchases or risk compromise of bank accounts," they pointed out.

"It is critical to safeguard your corporate networks and web servers to prevent any unnecessary exposure to compromise or to mitigate any damage that could be occurring now."
Copyright 1998-2014 by Help Net Security.