New Backoff PoS Malware Identified in Several Attacks

  • 31 July 2014
  • 4 replies
  • 1474 views

Userlevel 7
Badge +54
Getting on towards a year since the Target chain was attacked by POS malware, a new breed of Point-of-Sale malware has been released on us, just what we need.
 
by Dennis Fisher   July 31, 2014
"The Backoff malware doesn’t necessarily make use of any new techniques or employ innovative infection methods, but researchers at Trustwave SpiderLabs and US-CERT, who have analyzed the malware, say that it’s a serious threat. Attackers have been using the Backoff malware as the second stage of campaigns that begin with locating and then brute-forcing the credentials for remote desktop applications, often for an administrator account. Once that’s accomplished, the attackers then look for PoS devices and install the Backoff malware if possible."
 
Full Article

4 replies

Userlevel 7
Comment: hackers have come up with a new point of sale malware
=================================================================================================
By Darren Pauli, 1 Aug 2014
 
 
The US Computer Emergency Response Team has warned of a new point of sale malware that is targeting retailers.
The malware is a RAM-scraper of the kind made infamous by the Target breach that saw attackers plant wares on terminals to nab credit cards while they were temporarily unencrypted.
This attack uses a new tool delivered through an increasingly common vector: attackers implanted the malware dubbed BackOff on the point of sale (PoS) terminals of several unnamed retailers by brute forcing passwords protecting remote desktop protocol channels.
"Recent investigations revealed that malicious actors are using publicly available tools to locate businesses that use remote desktop applications," US-CERT warned in an alert.
 
The Register/ Full Article Here/ http://www.theregister.co.uk/2014/08/01/retailers_shot_up_by_pos_scraping_brute_force_cannon/
Userlevel 7
Badge +54
An excellent article giving good advice for improving security against POS malware campaigns and other attacks.
Boatner Blankenstein, 8/1/2014 02:30 PM
"Recent investigations revealed that malicious actors are using publicly available tools to locate businesses that use remote desktop applications. Remote desktop solutions like Microsoft's Remote Desktop, Apple Remote Desktop, Chrome Remote Desktop, Splashtop 2, Pulseway, and LogMeIn Join.Me offer the convenience and efficiency of connecting to a computer from a remote location. Once these applications are located, the suspects attempted to brute force the login feature of the remote desktop solution. After gaining access to what was often administrator or privileged access accounts, the suspects were then able to deploy the point-of-sale (PoS) malware and subsequently exfiltrate consumer payment data via an encrypted POST request...
Similar attacks have been noted in previous PoS malware campaigns and some studies state that targeting the Remote Desktop Protocol with brute force attacks is on the rise."
 
Full Article
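As an added defender's example (not code from any of the quoted articles), here is a small Python check for the entry vector every post in this thread describes: a burst of failed remote desktop logons against one account from one source, followed by a success. The one-line log format and the sample events are constructed; the real Windows Security events are 4625 (failed logon) and 4624 (successful logon), with logon type 10 marking RDP sessions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
# Constructed sample in a simplified one-line form (not real log output):
# timestamp, event id (4625 = failed logon, 4624 = success), logon type
# (10 = RemoteInteractive, i.e. RDP), target account, source IP.
SAMPLE_EVENTS = """\
2014-07-30T02:00:01 4625 10 Administrator 203.0.113.7
2014-07-30T02:00:02 4625 10 Administrator 203.0.113.7
2014-07-30T02:00:03 4625 10 Administrator 203.0.113.7
2014-07-30T02:00:04 4625 10 Administrator 203.0.113.7
2014-07-30T02:00:05 4625 10 Administrator 203.0.113.7
2014-07-30T02:00:06 4625 10 Administrator 203.0.113.7
2014-07-30T02:00:09 4624 10 Administrator 203.0.113.7
2014-07-30T09:15:00 4625 10 clerk01 198.51.100.4
2014-07-30T09:15:20 4624 10 clerk01 198.51.100.4
"""
LINE_RE = re.compile(r"^(\S+) (\d{4}) (\d+) (\S+) (\S+)$")

def parse_events(text):
    """Parse the one-line form above into (ts, event_id, logon_type, account, src) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            ts, eid, ltype, acct, src = m.groups()
            events.append((datetime.fromisoformat(ts), int(eid), int(ltype), acct, src))
    return events

def find_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=5)):
    """Alert on (source IP, account) pairs with >= threshold failed RDP logons inside
    `window`; record the timestamp if a successful RDP logon for the same pair follows,
    which is the guessed-password-then-login pattern described in the thread."""
    failures = defaultdict(list)  # (src, account) -> timestamps of recent 4625 events
    alerts = {}
    for ts, eid, ltype, acct, src in sorted(events):
        if ltype != 10:           # only RDP logons are of interest here
            continue
        key = (src, acct)
        recent = [t for t in failures[key] if ts - t <= window]
        if eid == 4625:
            recent.append(ts)
            failures[key] = recent
            if len(recent) >= threshold:
                alerts.setdefault(key, {"src": src, "account": acct, "success": None})
                alerts[key]["failures"] = len(recent)
        elif eid == 4624 and key in alerts and recent and alerts[key]["success"] is None:
            alerts[key]["success"] = ts   # success right after a burst of failures
            failures[key] = []
    return list(alerts.values())
```

The clerk01 lines show a single mistyped password followed by a normal login, which stays below the threshold and produces no alert.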
 
Userlevel 6
This appears to be much worse than what everyone thought. Makes me look at things much differently and wonder how much Target could have done to prevent the incident. I also wonder what other retailers have been hit that do not know yet, better yet, how many consumers do not yet know.
 
The cybercriminals obviously are constantly developing new strategies, time for businesses to follow suit. Perhaps one day they may get a step ahead or at least have some means of defense.
Userlevel 7
The following article is an update on Backoff Malware
(US warns 'significant number' of major businesses hit by Backoff malware)
 
By Martyn Williams, August 22, 2014 05:48 PM ET, IDG News Service - More than 1,000 major enterprise networks and small and medium businesses in the U.S. have been compromised by a recently discovered malware package called "Backoff" and are probably unaware of it, the U.S. Department of Homeland Security (DHS) said in a cybersecurity alert on Friday.
Backoff first appeared in October 2013 and is capable of scraping the memory contents of point of sales systems -- industry speak for cash registers and other terminals used at store checkouts -- for data swiped from credit cards, of monitoring the keyboard and logging keystrokes, and of communicating with a remote server.
 
ComputerWorld/ full article here/ http://www.computerworld.com/s/article/9250607/US_warns_39_significant_number_39_of_major_businesses_hit_by_Backoff_malware
