As banks and financial institutions have become harder to break into, cyber criminals have increasingly turned to targeting retail operations. According to an advisory issued last week by the DHS, the malware family known as Backoff has been identified in three forensic investigations of large-scale Point-of-Sale (POS) data breaches.
The malware reads credit and debit card information from the infected computer’s memory, before it can be encrypted for verification. Backoff attaches itself to an essential Windows executable file and is very difficult to detect. The report indicated it is almost undetectable by current virus definitions.
While the antivirus software companies work on a solution, here are a few things you can do to keep Backoff away from your business.
Disable or remove remote desktop applications
Backoff targets computers running programs like Apple Remote Desktop, Chrome Remote Desktop and Splashtop 2. If your IT staff needs to use these programs for troubleshooting or updates, have them disable or remove the programs when they are finished. Leaving them installed and active lays out the red carpet for data thieves.
Monitor outside connections coming into your network
Once the criminals find a vulnerable system, they usually attempt to break in using brute force. They use automated software to try common usernames and passwords until they hit a match. Monitor your network traffic for unfamiliar IP addresses and unusually high numbers of external connections or login attempts.
Require strong passwords for all accounts
Weak passwords are easy to crack. Strong passwords should be at least 12 characters and have a mix of uppercase and lowercase letters, symbols and numbers. Some systems use two passwords, the user’s normal password and a single-use password sent via another route such as text messaging.
Educate your users about email security
Don’t forget many security breaches start with simple phishing scams. Caution your users not to click on any email link or attachment they weren’t expecting, even if it’s from someone they trust. If they receive a suspicious email, have them contact the source directly to make sure it’s legitimate.
Safeguard your point-of-sale computers
Your POS computers should have their own network isolated from other computers, and they should only run software directly related to POS functions. The criminals responsible for the Target data breach last November stole their login credentials from an HVAC subcontractor that had also done work for other large retailers. Businesses often give HVAC companies network access to monitor heating and cooling equipment. Since the POS machines ran off the same network, the criminals were able to access them and install their malware.
Now that Backoff has been discovered, it’s certain antivirus software companies are hard at work on finding ways to neutralize it so it won’t remain undetectable for long. But retailers shouldn’t be lulled into a false sense of security. Malware developers aren’t standing still either, and there are always new threats on the horizon.