Backoff PoS Malware – Top tips for preventing outbreaks

The US Computer Emergency Readiness Team (US-CERT) sent out an alert this week warning retailers of a new malware variant called “Backoff” that is designed to steal credit card data. A detailed PDF can be found here. The malware itself isn’t new: it is a variant of the same family, which goes back as far as the Target breach in 2013.

The bad actors are “repurposing” remote control tools like Microsoft Remote Desktop (RDP), Apple Remote Desktop and LogMeIn to gain administrative access to these payment systems. It really is as simple as good old-fashioned guesswork: they try credentials such as “username: administrator, password: POS123”, which I will not link to but which can be found with some good old Google-Fu.

Much of this comes down to point-of-sale outsourcing companies deploying these tools with the same password across their whole customer base, or with passwords that are easily guessed from the customer’s name or the brand of PoS system.

The problem with third-party providers and contractors is that they often set easy credentials or are in a rush to finish the task (leaving the defaults in place), so they do not put the same time and effort into YOUR security as you would yourself, even though you assume they do, right?

  • Insist on proper security from all contractors and service providers, and check that they are doing everything they should be, too.
  • Application control and network monitoring can also help detect connections to these systems. Careful monitoring should be able to detect, or block, unexpected or unauthorized remote connection attempts.
  • Implementing two-factor authentication and a VPN also helps keep bad actors out: access to your network then requires something you know (the password) and something you have (the 2FA token). Add a VPN that you control and you are doing a lot more than most businesses to protect your assets.
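As an added illustration of the monitoring point above (example code written for this page, not part of the original post or of any vendor product), the following Python checks a stream of logon events for two things a PoS operator should want to know about: a burst of failed RDP logons from one address, and a successful RDP logon from an address outside the VPN range you control. The log lines are constructed here in a simplified JSON form loosely modelled on Windows Security events 4625 and 4624 with LogonType 10 (RemoteInteractive); the allowlist address is hypothetical.

```python
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real logs), loosely modelled on Windows
# Security events 4625 (failed logon) and 4624 (successful logon).
# logon_type 10 = RemoteInteractive, i.e. an RDP session.
SAMPLE_EVENTS = """
{"ts": "2014-08-01T02:00:01", "event_id": 4625, "logon_type": 10, "user": "administrator", "src": "203.0.113.5"}
{"ts": "2014-08-01T02:00:03", "event_id": 4625, "logon_type": 10, "user": "administrator", "src": "203.0.113.5"}
{"ts": "2014-08-01T02:00:04", "event_id": 4625, "logon_type": 10, "user": "administrator", "src": "203.0.113.5"}
{"ts": "2014-08-01T02:00:06", "event_id": 4625, "logon_type": 10, "user": "administrator", "src": "203.0.113.5"}
{"ts": "2014-08-01T02:00:09", "event_id": 4625, "logon_type": 10, "user": "administrator", "src": "203.0.113.5"}
{"ts": "2014-08-01T02:00:12", "event_id": 4624, "logon_type": 10, "user": "administrator", "src": "203.0.113.5"}
{"ts": "2014-08-01T09:15:00", "event_id": 4624, "logon_type": 10, "user": "possupport", "src": "10.8.0.2"}
{"ts": "2014-08-01T09:16:00", "event_id": 4625, "logon_type": 2, "user": "cashier", "src": "127.0.0.1"}
"""

# Hypothetical allowlist: the only addresses expected to open RDP sessions,
# e.g. the address pool of the VPN you control.
EXPECTED_RDP_SOURCES = {"10.8.0.2"}


def detect_rdp_abuse(lines, allowlist, threshold=5, window=timedelta(minutes=5)):
    """Return (alert_type, src) tuples for suspicious RDP logon activity."""
    alerts = []
    failures = defaultdict(list)  # src -> timestamps of recent failed RDP logons
    for line in lines.strip().splitlines():
        ev = json.loads(line)
        if ev["logon_type"] != 10:  # ignore console and other non-RDP logons
            continue
        ts = datetime.fromisoformat(ev["ts"])
        src = ev["src"]
        if ev["event_id"] == 4625:
            # Sliding window: keep only failures within `window` of this one.
            failures[src] = [t for t in failures[src] if ts - t <= window] + [ts]
            if len(failures[src]) == threshold:  # alert once per burst
                alerts.append(("rdp_bruteforce", src))
        elif ev["event_id"] == 4624 and src not in allowlist:
            # A working RDP session from somewhere other than your VPN.
            alerts.append(("rdp_logon_unexpected_source", src))
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_abuse(SAMPLE_EVENTS, EXPECTED_RDP_SOURCES):
        print(alert)
```

Against the constructed events this flags the password-guessing burst and the logon that follows it, while the support session over the VPN and the local console failure are left alone.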

Nobody wants to be hit with a huge fine when their customer base’s PII (Personally Identifiable Information) is leaked and sold online, do they? Are you aware of the per-card fines that MasterCard, Visa and the like will hit you with? Look into it, and you may think twice about not enforcing your security policies and protecting your customer base.


Keith Bennett

August 2014