Mako: Keeping POS safe... Backoff!

18 Sep 14

Difficult-to-detect malware is targeting POS systems, warns Ken Caballero, Mako channel account manager. He offers some tips on how you can keep your customers safe.

Recent news reports have shown that the point of sale (POS) not only remains a tempting target for hackers, it’s one that continues to provide a promising payday.

Toward the end of last year authorities and researchers first identified a strain of difficult-to-detect malware, known as Backoff, that specifically targets POS systems using remote desktop protocol (RDP).

But despite more than six months on the radar of security professionals, Backoff continues to prove a thorny problem - especially at retail businesses.

For many channel partners, remote desktop solutions offer the convenience and efficiency of connecting to a customer’s computer without having to go out on site.

But hackers are using special programs to scan for businesses that use RDP applications and, once located, use brute force tactics to crack the password protection and gain access. They’re then able to deploy the Backoff malware and siphon off credit or debit card data directly from the POS, undetected.

In the face of Backoff (and as good practice in general), it’s worth another look at ways of defending against these threats. An ounce of prevention is worth a pound of cure.

Prevention priorities

If you’re using RDP to connect to customer locations, configure the account lockout settings to lock a user account after a period of time or a specific number of failed login attempts.

This should help reduce the likelihood of a successful brute force attack gaining access to the system. You should also review access logs to ensure all access sessions were valid.
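As an added example (not part of the original article), the Python sketch below shows one way to do that log review: it flags any source address that reaches a failure threshold inside a time window, and any successful logon that follows such a burst from the same address. The export format, account names, addresses, threshold and window are all assumptions made for the illustration; event IDs 4625 and 4624 are the Windows Security log IDs for failed and successful logons.

```python
import csv
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample export (not real data): time, event ID, logon type, account, source IP.
# 4625 = failed logon, 4624 = successful logon; type 10 = RemoteInteractive (RDP),
# type 3 = network logon, which is how failed RDP attempts appear when NLA is enabled.
SAMPLE_LOG = """\
2014-09-18T02:10:01,4625,3,posadmin,203.0.113.50
2014-09-18T02:10:04,4625,3,posadmin,203.0.113.50
2014-09-18T02:10:07,4625,3,posadmin,203.0.113.50
2014-09-18T02:10:10,4625,3,posadmin,203.0.113.50
2014-09-18T02:10:13,4625,3,posadmin,203.0.113.50
2014-09-18T02:10:16,4625,3,posadmin,203.0.113.50
2014-09-18T02:10:40,4624,10,posadmin,203.0.113.50
2014-09-18T09:01:12,4625,10,support,198.51.100.7
2014-09-18T09:01:30,4624,10,support,198.51.100.7
"""

RDP_LOGON_TYPES = {"3", "10"}

def review_rdp_logons(log_text, threshold=5, window=timedelta(minutes=30)):
    """Return (noisy_sources, suspect_sessions).

    noisy_sources: source IPs that reached `threshold` failures inside `window`.
    suspect_sessions: successful logons that followed such a burst from the same IP.
    """
    failures = defaultdict(deque)  # source IP -> timestamps of recent failures
    noisy, suspect = set(), []
    for row in csv.reader(log_text.splitlines()):
        if len(row) != 5 or row[2] not in RDP_LOGON_TYPES:
            continue  # skip malformed rows and non-remote logons
        ts, event_id, _logon_type, user, src = row
        when = datetime.fromisoformat(ts)
        recent = failures[src]
        while recent and when - recent[0] > window:
            recent.popleft()  # forget failures older than the window
        if event_id == "4625":
            recent.append(when)
            if len(recent) >= threshold:
                noisy.add(src)
        elif event_id == "4624" and len(recent) >= threshold:
            suspect.append((ts, user, src, len(recent)))
    return sorted(noisy), suspect

if __name__ == "__main__":
    print(review_rdp_logons(SAMPLE_LOG))
```

A session in the second list is one where a password was accepted straight after a run of rejections, which is the pattern an account lockout policy is meant to stop.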

As for the network, make sure all payment systems are properly segmented from the rest of the business network. Keeping strictly enforced network zones helps limit potential avenues of access to valuable cardholder data.

Also, review firewall configurations and ensure only allowed ports, services and IP addresses are communicating with your network. This is especially critical for outbound firewall rules; hackers rely on businesses allowing their payment networks to have open access to the internet so they can extract card data undetected.

Lastly, review POS systems to ensure they’re running the most up-to-date versions of their operating systems, all security patches have been installed and antivirus is up to date.

It’s worth pointing out that these recommendations are all covered as part of the Payment Card Industry Data Security Standard (PCI DSS), which provides overall guidance on how a business should be protecting card data.

So often with security, it comes down to doing the fundamental things right. As new malware threats continue to emerge, taking the time to make sure some of the basics are handled properly can be the best line of defence.

By Ken Caballero, channel account manager, Mako
