U.S. merchants advised to protect themselves against same PoS hack that hit Target and Neiman Marcus last year.
More than 1,000 U.S. businesses have had their systems infected by Backoff, a point-of-sale (PoS) malware that was linked to the remote-access attacks against Target, Michaels, and P.F. Chang’s last year and more recently, UPS and Dairy Queen. In the Target breach alone, 40 million credit and debit cards were stolen, along with 70 million records which included the name, address, email address, and phone number of Target shoppers.
The way these breaches occur is laid out in BACKOFF: New Point of Sale Malware, a new U.S. Department of Homeland Security (DHS) report. Investigations reveal that cybercrooks use readily available tools to identify businesses that use remote desktop applications which allow a user to connect to a computer from a remote location. The Target breach began with stolen login credentials from the air-conditioning repairman.
Once the business is identified, the hackers use brute force to break into the login feature of the remote desktop solution. After gaining access to administrator or privileged access accounts, the cybercrooks are then able to deploy the PoS malware and steal consumer payment data. If that’s not enough, most versions of Backoff have keylogging functionality and can also upload discovered data, update the malware, download/execute further malware, and uninstall the malware.
General steps SMBs and consumers can take to protect themselves
- You should use a proper security solution, like avast! Endpoint Protection, to protect your network from hacking tools, malicious modules, and from hackers using exploits as a gateway to insert malware into your network.
- Regularly monitor your bank and credit card statements to make sure all the transactions are legitimate.
- Change default and staff passwords controlling access to key payment systems and applications. Our blog post, Do you hate updating your passwords whenever there’s a new hack?, has some tips.
- Monitor your credit report for any changes. You’re entitled to one free report per year from each of the three reporting agencies.