
New Backoff PoS Malware Identified in Several Attacks

Getting on towards a year since the Target chain was attacked by POS malware, a new breed of Point-of-Sale malware has been released on us, just what we need.

 

by Dennis Fisher   July 31, 2014

 


"The Backoff malware doesn’t necessarily make use of any new techniques or employ innovative infection methods, but researchers at Trustwave SpiderLabs and US-CERT, who have analyzed the malware, say that it’s a serious threat. Attackers have been using the Backoff malware as the second stage of campaigns that begin with locating and then brute-forcing the credentials for remote desktop applications, often for an administrator account. Once that’s accomplished, the attackers then look for PoS devices and install the Backoff malware if possible."

 

Full Article

Sr. Community Leader


Retailers shot up by PoS scraping brute force cannon

Comment: hackers have come up with a new point of sale malware

=================================================================================================

By Darren Pauli, 1 Aug 2014

 

 

The US Computer Emergency Response Team has warned of a new point of sale malware that is targeting retailers.

The malware is a RAM-scraper of the kind made infamous by the Target breach that saw attackers plant wares on terminals to nab credit cards while they were temporarily unencrypted.

 

This attack uses a new tool delivered through an increasingly common vector; attackers implanted the malware dubbed BackOff on the point of sales (PoS) terminals of several unnamed retailers by brute forcing passwords protecting remote desktop protocol channels.

"Recent investigations revealed that malicious actors are using publicly available tools to locate businesses that use remote desktop applications," US-CERT warned in an alert.

 

The Register/ Full Article Here/ http://www.theregister.co.uk/2014/08/01/retailers_shot_up_by_pos_scraping_brute_force_cannon/

Community Leader


'Backoff' Malware: Time To Step Up Remote Access Security

An excellent article giving good advice for improving security against POS malware campaigns and other attacks.
 
Boatner Blankenstein  8/1/2014 02:30 PM
 

"Recent investigations revealed that malicious actors are using publicly available tools to locate businesses that use remote desktop applications. Remote desktop solutions like Microsoft's Remote Desktop, Apple Remote Desktop, Chrome Remote Desktop, Splashtop 2, Pulseway, and LogMEIn Join.Me offer the convenience and efficiency of connecting to a computer from a remote location. Once these applications are located, the suspects attempted to brute force the login feature of the remote desktop solution. After gaining access to what was often administrator or privileged access accounts, the suspects were then able to deploy the point-of-sale (PoS) malware and subsequently exfiltrate consumer payment data via an encrypted POST request...

Similar attacks have been noted in previous PoS malware campaigns and some studies state that targeting the Remote Desktop Protocol with brute force attacks is on the rise."

 

Full Article

 

Sr. Community Leader
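
Added example, not part of the original post or the quoted article: a minimal detection for the pattern the alert describes, a run of failed remote logons from one source followed by a successful one. The event records are a constructed, simplified form of Windows Security events 4625 (failed logon) and 4624 (successful logon); the field names, threshold and time window are assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

FAILED, SUCCESS = 4625, 4624      # Windows Security log event IDs
REMOTE_LOGON_TYPES = {3, 10}      # 10 = RemoteInteractive (RDP); 3 = Network (RDP with NLA)

def find_bruteforce_then_success(events, threshold=5, window=timedelta(minutes=10)):
    """Return alerts for source IPs where >= threshold failed remote logons
    inside `window` are followed by a successful remote logon."""
    recent_failures = defaultdict(deque)   # source IP -> timestamps of failures
    alerts = []
    for ev in sorted(events, key=lambda e: e["time"]):
        if ev["logon_type"] not in REMOTE_LOGON_TYPES:
            continue                       # ignore console and service logons
        fails = recent_failures[ev["ip"]]
        # Drop failures that have aged out of the window.
        while fails and ev["time"] - fails[0] > window:
            fails.popleft()
        if ev["event_id"] == FAILED:
            fails.append(ev["time"])
        elif ev["event_id"] == SUCCESS and len(fails) >= threshold:
            alerts.append({"ip": ev["ip"], "account": ev["account"],
                           "failures": len(fails), "time": ev["time"]})
            fails.clear()
    return alerts

def _ev(ts, event_id, ip, account, logon_type=10):
    """Build one simplified event record (hypothetical field names)."""
    return {"time": datetime.fromisoformat(ts), "event_id": event_id,
            "ip": ip, "account": account, "logon_type": logon_type}

# Constructed sample events (documentation-range IPs, made-up accounts).
SAMPLE_EVENTS = (
    [_ev(f"2014-08-01T02:00:{s:02d}", FAILED, "203.0.113.7", "Administrator")
     for s in range(0, 48, 6)]                       # 8 rapid failures
    + [_ev("2014-08-01T02:01:10", SUCCESS, "203.0.113.7", "Administrator")]
    + [_ev("2014-08-01T09:00:00", FAILED, "198.51.100.20", "cashier1"),  # one mistyped password
       _ev("2014-08-01T09:00:30", SUCCESS, "198.51.100.20", "cashier1")]
    + [_ev("2014-08-01T10:00:00", SUCCESS, "203.0.113.7", "Administrator", logon_type=2)]
)

if __name__ == "__main__":
    for alert in find_bruteforce_then_success(SAMPLE_EVENTS):
        print(alert)
```

An alert on a privileged account, as in the first sample source, is the case the quoted advisory describes; the single mistyped password stays below the threshold.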


Re: 'Backoff' Malware: Time To Step Up Remote Access Security

This appears to be much worse than what everyone thought. Makes me look at things much differently and wonder how much Target could have done to prevent the incident. I also wonder what other retailers have been hit that do not know yet, better yet, how many consumers do not yet know.

 

The cybercriminals obviously are constantly developing new strategies, time for businesses to follow suit. Perhaps one day they may get a step ahead or at least have some means of defense.


Re: 'Backoff' Malware: Time To Step Up Remote Access Security

The following article is an update on Backoff Malware

(US warns 'significant number' of major businesses hit by Backoff malware)

 

By Martyn Williams
August 22, 2014 05:48 PM ET
 

IDG News Service - More than 1,000 major enterprise networks and small and medium businesses in the U.S. have been compromised by a recently discovered malware package called "Backoff" and are probably unaware of it, the U.S. Department of Homeland Security (DHS) said in a cybersecurity alert on Friday.

Backoff first appeared in October 2013 and is capable of scraping the memory contents of point of sales systems -- industry speak for cash registers and other terminals used at store checkouts -- for data swiped from credit cards, from monitoring the keyboard and logging keystrokes, from communicating with a remote server.

 

ComputerWorld/ full article here/ http://www.computerworld.com/s/article/9250607/US_warns_39_significant_number_39_of_major_businesses...

Community Leader