Mako: Keeping POS safe... Backoff!
Difficult-to-detect malware is targeting POS systems, warns Ken Caballero, Mako channel account manager. He offers some tips on how you can keep your customers safe.
Recent news reports have shown that the point of sale (POS) not only remains a tempting target for hackers, it’s one that continues to provide a promising payday.
Toward the end of last year, authorities and researchers first identified a strain of difficult-to-detect malware, known as Backoff, that specifically targets POS systems and is planted on them after attackers gain access over remote desktop protocol (RDP).
But despite more than six months on the radar of security professionals, Backoff continues to prove a thorny problem - especially at retail businesses.
For many channel partners, remote desktop solutions offer the convenience and efficiency of connecting to a customer’s computer without having to go out on site.
But hackers are using scanning tools to find businesses that expose RDP to the internet and, once a target is located, use brute force tactics to guess the password and gain access. They’re then able to deploy the Backoff malware and siphon off credit or debit card data directly from the POS, undetected.
In the face of Backoff (and as good practice in general), it’s worth another look at ways of defending against these threats. An ounce of prevention is worth a pound of cure.
Prevention priorities
If you’re using RDP to connect to customer locations, configure the account lockout settings to lock an account after a set number of failed login attempts within a given window, and to keep it locked for a set duration.
This reduces the likelihood of a brute force attack guessing its way into the system. You should also review logon logs regularly to confirm that every remote session came from an expected source.
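The following is an added example, not part of the original article, showing both halves of that advice on a Windows POS host: setting the lockout policy, then reading the Security log for brute-force patterns and for remote desktop sessions from unexpected addresses. It assumes Windows PowerShell 3.0 or later run from an elevated prompt; the thresholds, the seven-day look-back and the support address 203.0.113.10 are placeholders chosen for the example.

```powershell
# Added example (not from the original article). Assumes a Windows POS host reachable
# by RDP and Windows PowerShell 3.0 or later, run from an elevated prompt. The lockout
# values, failure threshold, look-back window and support address are illustrative.

# 1. Make sure failed and successful logons are actually being recorded.
auditpol /set /subcategory:"Logon" /success:enable /failure:enable

# 2. Lockout policy on the local SAM: 5 failures within 30 minutes locks the account
#    for 30 minutes. On a domain-joined host set the same values through Group Policy.
net accounts /lockoutthreshold:5 /lockoutwindow:30 /lockoutduration:30

# Pull one named field out of the EventData section of a Security event.
function Get-EventField {
    param(
        [System.Diagnostics.Eventing.Reader.EventRecord]$Event,
        [string]$Name
    )
    $xml = [xml]$Event.ToXml()
    ($xml.Event.EventData.Data | Where-Object { $_.Name -eq $Name }).'#text'
}

$since = (Get-Date).AddDays(-7)

# 3. Failed logons (event 4625) grouped by source address. One address with many
#    failures spread across several account names is the signature of a brute-force run.
$failed = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4625; StartTime = $since } -ErrorAction SilentlyContinue |
    ForEach-Object {
        [pscustomobject]@{
            Time = $_.TimeCreated
            User = Get-EventField -Event $_ -Name 'TargetUserName'
            Ip   = Get-EventField -Event $_ -Name 'IpAddress'
        }
    }

$failed | Group-Object -Property Ip | Where-Object { $_.Count -ge 20 } | Sort-Object -Property Count -Descending |
    Select-Object @{ n = 'SourceIp'; e = { $_.Name } },
                  @{ n = 'Failures'; e = { $_.Count } },
                  @{ n = 'Accounts'; e = { ($_.Group | ForEach-Object { $_.User } | Sort-Object -Unique) -join ', ' } } |
    Format-Table -AutoSize

# 4. Successful remote desktop sessions (event 4624, logon type 10) from any address
#    that is not on the partner's list of known support hosts.
$knownSupportHosts = @('203.0.113.10')   # assumption: replace with your own egress address(es)

Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4624; StartTime = $since } -ErrorAction SilentlyContinue |
    Where-Object { (Get-EventField -Event $_ -Name 'LogonType') -eq '10' } |
    ForEach-Object {
        [pscustomobject]@{
            Time = $_.TimeCreated
            User = Get-EventField -Event $_ -Name 'TargetUserName'
            Ip   = Get-EventField -Event $_ -Name 'IpAddress'
        }
    } |
    Where-Object { $knownSupportHosts -notcontains $_.Ip } |
    Format-Table -AutoSize
```

Run the review part on a schedule rather than once: a lockout policy stops a single account from being guessed quickly, but it does not stop a slow, distributed attempt, which is why the failed-logon counts are worth watching even when no account has been locked.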
As for the network, make sure all payment systems are properly segmented from the rest of the business network. Keeping strictly enforced network zones helps limit potential avenues of access to valuable cardholder data.
Also, review firewall configurations and ensure only approved ports, services and IP addresses can communicate with the payment network. This is especially critical for outbound rules; hackers rely on businesses giving their payment networks unrestricted access to the internet so that harvested card data can be sent out undetected.
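As an added example that is not part of the original article, here is what that outbound restriction looks like on the POS host itself using the Windows Firewall cmdlets (Windows 8 / Server 2012 or later), together with a check that lists any outbound allow rule still open to any address. All addresses are placeholders: 203.0.113.50 stands for the payment processor's gateway, 192.168.10.2 for the local DNS resolver on the POS segment and 192.168.50.10 for the jump host the support team connects from.

```powershell
# Added example (not from the original article). Assumes a Windows 8 / Server 2012 or
# later POS host with the NetSecurity module, run from an elevated prompt. Every
# address below is a placeholder for the site's real values.

$gateway  = '203.0.113.50'    # payment processor gateway (placeholder)
$resolver = '192.168.10.2'    # DNS resolver on the POS segment (placeholder)
$jumpHost = '192.168.50.10'   # support jump host allowed to use RDP (placeholder)

# 1. Default-deny in both directions on every profile. The outbound block is the part
#    most sites skip, and it is what stops harvested card data from leaving the host.
Set-NetFirewallProfile -Profile Domain,Private,Public -DefaultInboundAction Block -DefaultOutboundAction Block

# 2. Explicit outbound allows: payment traffic and name resolution only.
New-NetFirewallRule -DisplayName 'POS allow: payment gateway TLS' -Direction Outbound -Action Allow `
    -Protocol TCP -RemoteAddress $gateway -RemotePort 443
New-NetFirewallRule -DisplayName 'POS allow: DNS to local resolver' -Direction Outbound -Action Allow `
    -Protocol UDP -RemoteAddress $resolver -RemotePort 53

# 3. RDP only from the support jump host, never from the internet at large.
New-NetFirewallRule -DisplayName 'POS allow: RDP from jump host' -Direction Inbound -Action Allow `
    -Protocol TCP -LocalPort 3389 -RemoteAddress $jumpHost

# 4. Review: list every enabled outbound allow rule whose remote address is unrestricted.
#    Windows ships several such rules; each one left enabled is a path off the host.
Get-NetFirewallRule -Direction Outbound -Action Allow -Enabled True |
    ForEach-Object {
        $addr = $_ | Get-NetFirewallAddressFilter
        $port = $_ | Get-NetFirewallPortFilter
        [pscustomobject]@{
            Rule          = $_.DisplayName
            RemoteAddress = $addr.RemoteAddress
            RemotePort    = $port.RemotePort
            Protocol      = $port.Protocol
        }
    } |
    Where-Object { $_.RemoteAddress -eq 'Any' } |
    Format-Table -AutoSize
```

Two caveats. First, a default outbound block also cuts off operating system and antivirus updates, so those need their own narrowly scoped rules, or better, an internal update server on the POS segment. Second, the host firewall complements the segmentation enforced on the network firewall or switch; it does not replace it, because a host that has already been compromised can have its own rules changed.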
Lastly, review POS systems to ensure they’re running the most up-to-date versions of their operating systems, all security patches have been installed and antivirus is up to date.
It’s worth pointing out that these recommendations are all covered as part of the Payment Card Industry Data Security Standard (PCI DSS), which provides overall guidance on how a business should be protecting card data.
So often with security, it comes down to doing the fundamental things right. As new malware threats continue to emerge, taking the time to make sure some of the basics are handled properly can be the best line of defence.
By Ken Caballero, channel account manager, Mako