{"id":71320,"date":"2014-08-05T13:17:40","date_gmt":"2014-08-05T17:17:40","guid":{"rendered":"http:\/\/rbach.net\/blog\/index.php\/"},"modified":"2021-07-20T11:49:43","modified_gmt":"2021-07-20T15:49:43","slug":"remote-desktop-open-door-to-pos-malware","status":"publish","type":"post","link":"https:\/\/rbach.net\/index.php\/remote-desktop-open-door-to-pos-malware\/","title":{"rendered":"Remote Desktop Opens Door to POS Malware"},"content":{"rendered":"

\"Remote<\/a>The U.S. Department of Homeland Security (DHS)<\/strong> has issued a warning to retailers. DHS reports that cybercriminals are using remote desktop software<\/strong> to open up retailers’ networks to point-of-sale malware<\/strong> attacks. Point of Sale<\/a> (POS) systems have been at the heart of many of the recent data breaches. Retailers impacted include Target<\/a>, Jimmy John’s<\/a>.\u00a0P.F. Chang’s<\/a>, Neiman Marcus<\/a>, Michaels<\/a>, Sally Beauty Supply<\/a>, and Goodwill Industries International<\/a> t<\/span>he New York Times<\/a> <\/em><\/span>reported.<\/p>\n

\"\"<\/a>Research conducted by the DHS<\/a>, the Secret Service<\/a>, the National Cybersecurity and Communications Integration Center<\/a>, and security firm Trustwave SpiderLab<\/a>. have following the attacks. During the attacks, Cybercriminals are scanning<\/strong> corporate systems for remote desktop software. <\/strong>The attackers are looking for\u00a0Microsoft<\/a> (MSFT<\/a>) Remote Desktop<\/a>,\u00a0Apple<\/a> (AAPL<\/a>) Remote Desktop<\/a>, Google<\/a> (GOOG<\/a>) Chrome Remote Desktop<\/a>, Splashtop<\/a>, Pulseway<\/a>, and LogMeIn’s join.me<\/a>.<\/span><\/p>\n

Install malware<\/h3>\n

After finding an exposed system, attackers<\/span> launch brute force attacks on the login<\/strong> feature. FireceIT Security<\/em><\/a> reports<\/a> that once the attackers gain network access, they deploy Backoff POS malware.\u00a0 steal customer payment data and hide the theft using encryption. <\/strong>\u00a0An alert<\/a> was issued by US-CERT<\/a><\/strong> on 07-31-2014 that explained how the malware gets installed.<\/p>\n

At the time of discovery and analysis, the [Backoff] malware variants had low to zero percent anti-virus detection rates, which means that fully updated anti-virus engines on fully patched computers could not identify the malware as malicious<\/em><\/p>\n

\"malware\"<\/a>US-CERT has informed anti-virus vendors<\/strong> of the threat from Backoff malware<\/a> and they will be updating their software<\/strong> to detect and block the malware. The malware can scrape memory for track data, log keystrokes, engage in command and control communication, and inject a malicious stub<\/strong> into explorer.exe that ensures “persistence in the event the malicious executable crashes or is forcefully stopped.”<\/p>\n

The article concludes, “The impact of a compromised POS system<\/strong> can affect both the businesses and consumer by exposing customer data such as names, mailing addresses, credit\/debit card numbers<\/strong>, phone numbers, and e-mail addresses to criminal elements. These breaches can impact a business’ brand and reputation, while consumers’ information can be used to make fraudulent purchases or risk compromise of bank accounts.<\/p>\n

rb-<\/em><\/strong><\/p>\n

\"LessonIf mega-firms like Target can be breached, what chance do small mom-and-pop POS firms in schools, food trucks, kiosks at the airport stand? I say not much. I have worked with several POS vendors and it seems they barely understand their own product, let alone SSL certs, VPNs. <\/em><\/p>\n

Here are some tips from Verizon\u2019s 2012 research<\/a> into security breaches affecting companies that use POS systems to process customer payments. Make sure your POS vendor does the following: <\/em><\/p>\n

1.\u00a0 Change administrative passwords on all POS systems.<\/strong> (Hackers are scanning the Internet for easily guessable passwords).<\/em><\/p>\n

2.\u00a0 Implement a firewall or access control list on remote access \/administration services.<\/strong> (If hackers can\u2019t reach your systems, they can\u2019t easily steal from it).<\/em><\/p>\n

3.\u00a0 Avoid using POS systems to browse the web<\/strong> (or anything else on the Internet).<\/em><\/p>\n

4.\u00a0 Make sure your POS is a PCI DSS compliant<\/a> application<\/strong> (ask your vendor) <\/em><\/p>\n

5.\u00a0 Use password management software like LastPass<\/a> to generate secure passwords. <\/strong>(<\/em>LastPass<\/em> allows you to avoid storing passwords in your browsers and can generate ready-to-use secure passwords for you).<\/p>\n

Related articles<\/h6>\n