Retailers warned of attacks using hard-to-spot PoS malware
Posted on 1 August 2014
Retailers, beware: cyber crooks are increasingly brute-forcing the passwords of remote desktop applications, and are using that access to plant hard-to-detect point-of-sale (PoS) malware that scrapes consumer payment card data from memory and exfiltrates it via encrypted POST requests.

The PoS malware family in question is dubbed "Backoff" and has a number of variants. It was only identified recently, but has been used in attacks against three different retailers since October 2013.

The malware is capable of scraping the memory of PoS systems for card track data, logging keystrokes, communicating with a C&C server and receiving instructions, downloading additional malware, exfiltrating the collected data, and injecting a malicious stub into the explorer.exe process in order to achieve persistence (the stub restarts the malware if its main executable crashes or is killed).
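Scraping memory for "card track data" means hunting through a process's address space for the magnetic-stripe Track 1 and Track 2 formats in clear text. The same search is useful to a defender doing memory triage on a register, to see whether the PoS software ever holds cardholder data unencrypted. The following is an added example for that defensive use, not code from the article, the US-CERT advisory, or any malware sample; the memory buffer is constructed, and the card numbers in it are the standard Luhn-valid test PANs plus one deliberately invalid number to show the Luhn filter dropping false positives.

```python
"""
Scan a memory buffer for unencrypted magnetic-stripe track data.
Added example for defenders (memory triage); not code from the article,
US-CERT, or any malware. The buffer below is constructed: the PANs are
public test numbers, and the name, dates and padding are made up.
"""
import re

# Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary>?
TRACK1 = re.compile(rb"%B(\d{13,19})\^([^^]{2,26})\^(\d{4})(\d{3})[^?]*\?")
# Track 2: ;<PAN>=<YYMM><service code><discretionary>?
TRACK2 = re.compile(rb";(\d{13,19})=(\d{4})(\d{3})[^?]*\?")

# Constructed "memory snapshot": application strings, two genuine-looking
# swipes, some junk bytes, and one swipe whose PAN fails the Luhn check.
SAMPLE_MEMORY = (
    b"\x00\x00POSApp v2.1\x00\x00"
    b"%B4111111111111111^DOE/JANE^15051011000000000000?"
    b"\x00\x00garbage\x90\x90"
    b";5555555555554444=15051011000000000?"
    b"\x00\x00"
    b";4111111111111112=15051011000000000?"
    b"\x00"
)


def luhn_ok(pan: str) -> bool:
    """Luhn mod-10 check: doubles every second digit from the right."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep only the first six and last four digits, as in PCI-style logging."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_for_track_data(buf: bytes):
    """Return Luhn-validated track hits, with PANs masked, ordered by offset."""
    findings = []
    for track, pattern in ((1, TRACK1), (2, TRACK2)):
        for m in pattern.finditer(buf):
            pan = m.group(1).decode("ascii")
            if not luhn_ok(pan):
                continue  # random digit runs rarely pass Luhn; skip them
            if track == 1:
                name = m.group(2).decode("ascii", "replace")
                yymm, svc = m.group(3).decode(), m.group(4).decode()
            else:
                name = ""
                yymm, svc = m.group(2).decode(), m.group(3).decode()
            findings.append({
                "offset": m.start(),
                "track": track,
                "pan_masked": mask_pan(pan),
                "name": name,
                "expiry": f"{yymm[2:]}/{yymm[:2]}",   # YYMM -> MM/YY
                "service_code": svc,
            })
    findings.sort(key=lambda f: f["offset"])
    return findings


if __name__ == "__main__":
    for hit in scan_for_track_data(SAMPLE_MEMORY):
        print(hit)
```

Run against a real process dump (for example, the output of a memory-acquisition tool on the PoS application's process) the scanner tells you whether, and at what offsets, a scraper would find clear-text track data; a register that returns no hits is one where a memory scraper has nothing to steal.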

US-CERT has issued a security advisory warning retailers that the "Backoff" malware family is largely undetected by AV vendors, but that detection signatures will be added by them in the coming days, and has urged retailers to update their AV solutions.

In the meantime, network administrators can apply the indicators of compromise provided in the advisory to a variety of prevention and detection strategies, and implement its risk mitigation recommendations regarding remote desktop access and cash register and PoS security.
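On the detection side of the remote desktop recommendations, the password brute-forcing described at the top of the piece is visible in the Windows Security log as a burst of failed logons (event 4625) from one source, followed, when it succeeds, by a successful logon (event 4624) from the same source. The following is an added example of that detection logic, not code from the article or the advisory. The event lines, hostnames and addresses are constructed, and the field layout is a simplified flattening of the two events, not Windows' native format.

```python
"""
Flag password brute-forcing against Remote Desktop from Windows Security
logon events. Added example; not from the article or the US-CERT advisory.
Event lines, hosts and addresses are constructed.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample. Fields: timestamp, event ID, target host, account,
# logon type, source address. Logon type 10 is RemoteInteractive (RDP);
# with Network Level Authentication enabled, failed RDP password guesses
# are recorded as type 3 (network) instead, so both types are considered.
SAMPLE_EVENTS = """\
2014-07-28T02:14:01 4625 POS-REG-01 administrator 10 203.0.113.45
2014-07-28T02:14:03 4625 POS-REG-01 administrator 10 203.0.113.45
2014-07-28T02:14:06 4625 POS-REG-01 admin 10 203.0.113.45
2014-07-28T02:14:09 4625 POS-REG-01 pos 10 203.0.113.45
2014-07-28T02:14:12 4625 POS-REG-01 administrator 10 203.0.113.45
2014-07-28T02:14:15 4625 POS-REG-01 administrator 10 203.0.113.45
2014-07-28T02:14:40 4624 POS-REG-01 administrator 10 203.0.113.45
2014-07-28T08:00:00 4625 POS-REG-01 cashier 2 -
2014-07-28T09:30:00 4625 POS-REG-02 jsmith 10 192.0.2.10
2014-07-28T09:30:20 4624 POS-REG-02 jsmith 10 192.0.2.10
"""

REMOTE_LOGON_TYPES = frozenset({10, 3})


def parse_events(text):
    """Parse the flattened event lines into dicts, skipping blanks/comments."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        ts, event_id, host, user, logon_type, src = line.split()
        events.append({
            "time": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%S"),
            "event_id": int(event_id),
            "host": host,
            "user": user,
            "logon_type": int(logon_type),
            "src": src,
        })
    return events


def detect_rdp_brute_force(events, threshold=5, window=timedelta(minutes=10)):
    """Return findings: a 'brute_force' entry when one source address racks up
    `threshold` failed remote logons against a host within `window`, and a
    'success_after_brute_force' entry when that same source then logs on
    successfully, which is the moment an attacker can start planting malware."""
    findings = []
    recent_failures = defaultdict(list)   # (src, host) -> failure timestamps
    flagged = set()
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] not in REMOTE_LOGON_TYPES:
            continue  # console and service logons are out of scope here
        key = (ev["src"], ev["host"])
        if ev["event_id"] == 4625:
            kept = [t for t in recent_failures[key] if ev["time"] - t <= window]
            kept.append(ev["time"])
            recent_failures[key] = kept
            if len(kept) >= threshold and key not in flagged:
                flagged.add(key)
                findings.append({"kind": "brute_force", "src": ev["src"],
                                 "host": ev["host"], "failures": len(kept),
                                 "time": ev["time"]})
        elif ev["event_id"] == 4624 and key in flagged:
            if ev["time"] - recent_failures[key][-1] <= window:
                findings.append({"kind": "success_after_brute_force",
                                 "src": ev["src"], "host": ev["host"],
                                 "user": ev["user"], "time": ev["time"]})
    return findings


if __name__ == "__main__":
    for finding in detect_rdp_brute_force(parse_events(SAMPLE_EVENTS)):
        print(finding)
```

The second finding is the one that matters for incident response: a success that closely follows a failure burst from the same address is the point at which the register should be pulled for memory and disk triage rather than merely having its password changed.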

"The impact of a compromised PoS system can affect both businesses and consumers by exposing customer data such as names, mailing addresses, credit/debit card numbers, phone numbers, and e-mail addresses to criminal elements. These breaches can impact a business' brand and reputation, while consumers' information can be used to make fraudulent purchases or risk compromise of bank accounts," they pointed out.

"It is critical to safeguard your corporate networks and web servers to prevent any unnecessary exposure to compromise or to mitigate any damage that could be occurring now."

Copyright 1998-2014 by Help Net Security.