SecurityWeek

Malware & Threats

PCI Security Standards Council Urges Retailers Take Action Against Point-of-Sale Malware

The Payment Card Industry (PCI) Security Standards Council is encouraging retailers to take steps to better protect themselves from the Backoff point-of-sale (PoS) malware that has been tied to attacks on 1,000 organizations.

The Backoff malware was the subject of a recent warning from the U.S. Secret Service and the Department of Homeland Security. It is part of a growing list of malware targeting point-of-sale systems that has sent the retail industry looking for answers.

According to the council, organizations should ensure they have the most recent and up-to-date antivirus protection against Backoff and similar malware and run it immediately. In addition, retailers should review all system logs for strange or unexplained activity, in particular any large data files being sent to unknown locations. Finally, the council recommends retailers change all default passwords on systems and applications.

In an advisory in July, the Department of Homeland Security noted that in many attacks the intruders abused remote access tools such as Apple Remote Desktop, Splashtop 2 and Microsoft Remote Desktop, brute-forcing their logins to gain access to the computers. Once they had obtained a privileged account, the attackers deployed their malware.

“Our Trustwave researchers have identified and analyzed eight different versions of the Backoff malware thus far which means that the criminals are continuing to update it,” said Karl Sigler, threat intelligence manager at Trustwave. “Criminals have primarily targeted third party vendors that sell and support PoS systems for businesses. They infect PoS systems with Backoff mainly by exploiting poor passwords for remote access support software. In many cases, the criminals scanned for those PoS systems that were opened up to the public internet and then logged into those with weak passwords.”

“Now that the indicators of compromise (IoCs) are public, we expect to see more Backoff victims,” he added. “IoCs are specific malware attributes that make them unique and identifiable, such as directory and file names, registry keys, network traffic and file hashes. Anti-virus vendors can use the IoCs to create signatures to flag the malware. Forensic professionals also use IoCs to identify the signs that indicate a Backoff breach.”
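A defender-side illustration of the log review the council recommends above (large data files sent to unknown locations) and of the remote-access password guessing the DHS advisory and Sigler describe. This is example code added here, not code from the article, the council or Trustwave; the log format, host names, thresholds and every sample line are constructed assumptions, not real Backoff indicators.

```python
# Added example (not the article's or the PCI Council's code): two log-review
# checks from the advisory above. Log format, hosts, thresholds and all sample
# lines are constructed assumptions, not real Backoff indicators.
import re
from collections import Counter

SAMPLE_LOGS = """\
2014-08-22T01:12:09 proxy src=10.0.5.21 dst=backup.example.internal bytes_out=73400320
2014-08-22T02:40:31 proxy src=10.0.5.21 dst=203.0.113.77 bytes_out=52428800
2014-08-22T02:41:02 proxy src=10.0.5.22 dst=203.0.113.77 bytes_out=2048
2014-08-22T03:00:00 rdp src=198.51.100.9 user=Administrator result=FAIL
2014-08-22T03:00:01 rdp src=198.51.100.9 user=Administrator result=FAIL
2014-08-22T03:00:02 rdp src=198.51.100.9 user=Administrator result=FAIL
2014-08-22T03:00:03 rdp src=198.51.100.9 user=Administrator result=SUCCESS
2014-08-22T03:05:10 rdp src=10.0.5.30 user=tech1 result=FAIL
2014-08-22T03:05:20 rdp src=10.0.5.30 user=tech1 result=SUCCESS
"""
KNOWN_DESTINATIONS = {"backup.example.internal"}  # assumed merchant allow-list
LARGE_TRANSFER_BYTES = 10 * 1024 * 1024            # assumed 10 MiB threshold
FAILED_LOGIN_LIMIT = 3                              # assumed burst threshold
PROXY_RE = re.compile(r"^(\S+) proxy src=(\S+) dst=(\S+) bytes_out=(\d+)$")
RDP_RE = re.compile(r"^(\S+) rdp src=(\S+) user=(\S+) result=(FAIL|SUCCESS)$")

def find_large_unknown_transfers(log_text, known=KNOWN_DESTINATIONS,
                                 limit=LARGE_TRANSFER_BYTES):
    """Outbound transfers at or above `limit` to a destination not on the known list."""
    hits = []
    for line in log_text.splitlines():
        m = PROXY_RE.match(line)
        if m and int(m.group(4)) >= limit and m.group(3) not in known:
            hits.append((m.group(1), m.group(2), m.group(3), int(m.group(4))))
    return hits

def find_login_bruteforce(log_text, limit=FAILED_LOGIN_LIMIT):
    """Sources with at least `limit` failed remote-access logins, mapped to
    (failure count, True if a success followed the failures)."""
    failures, guessed = Counter(), set()
    for line in log_text.splitlines():
        m = RDP_RE.match(line)
        if not m:
            continue
        src, result = m.group(2), m.group(4)
        if result == "FAIL":
            failures[src] += 1
        elif failures[src] >= limit:   # success right after a burst of failures
            guessed.add(src)
    return {src: (n, src in guessed) for src, n in failures.items() if n >= limit}

if __name__ == "__main__":
    print(find_large_unknown_transfers(SAMPLE_LOGS), find_login_bruteforce(SAMPLE_LOGS))
```

On the constructed sample the first check reports only the 50 MB transfer to the unknown host, and the second reports the single source that succeeded after three failed logins.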

In addition to its other recommendations, the council urged retailers to consider implementing PCI-approved point-of-interaction (POI) devices that support secure reading and exchange of data (SRED), which encrypt card data at the point of capture and so prevent clear-text data from being exposed within the electronic cash register (ECR) or similar POS systems.

“Merchants should also consider implementing a PCI-approved point-to-point encryption (P2PE) solution which includes SRED devices and protects the data until received by the secure decryption facility,” according to the council’s advisory. “Should systems be found to be infected or unusual activity suspected, organizations should contact their acquiring bank immediately.”


Regarding malware specifically, the council said organizations should review the following security risk mitigating control areas outlined in PCI Data Security Standard (PCI DSS) 3.0:

- Proper firewall configuration – Requirement 1
- Changing vendor defaults and passwords on devices and systems – Requirement 2
- Regularly updating anti-virus protections – Requirement 5
- Patching systems – Requirement 6
- Limiting access and privileges to systems – Requirements 7, 9
- Requiring 2-factor authentication and complex passwords – Requirement 8
- Inspection of POS devices – Requirement 9
- Monitoring systems to allow for quick detection – Requirements 10, 11
- Implementing sound security policies for preventing intrusions that may allow malware to be injected – Requirement 12
- Managing third party access to devices and systems, and specifically remote access from outside a merchant’s network – Requirements 8, 12

“Businesses, whether in PoS or other industries, must not rely on antivirus and start taking a proactive approach in protecting their environment and (customer) data,” advised Joe Schumacher, senior security consultant at Neohapsis Labs. “A proactive approach in securing the business technology starts with network isolation or adding secure layers between untrusted and trusted environments.”

“IT operations,” he continued, “should push the business to invest in secure, robust authentication methods that protect the accounts accessing the business network and data. Furthermore, some examples of processes that must be defined include, at minimum, vulnerability/patch management, secure configuration deployments, reviewing firewall rule sets and user provisioning.”
