360 Degree Cyber Security, LLC

Small Business POS Malware Threat “BackOff”

Small Business POS Malware Threat “BackOff”

A new and ongoing threat that targets point of sale (POS) applications has emerged, as reported by USCERT. This threat gains access through brute forcing entry via remote access protocols such as Microsoft’s Remote Desktop, Apple Remote Desktop, Chrome Remote Desktop, Splashtop 2, Pulse Way, and LogMEIn Join.Me.

Once entry has been made, malware called Backoff is installed. This malware is designed to steal customer information to include payment information.

There are a number of things that can be done to protect you. USCERT just released the advisory, so antivirus applications will pick up on this and make updates to their signatures. At a minimum update your antivirus software definition/signatures. Other steps should be taken.

Contact ItsEmc2 at  info@itsemc2.com today to see if you are at risk and for assistance at dealing with this risk.

Reference: USCERT Alert TA14-212A. https://www.us-cert.gov/ncas/alerts/TA14-212A

About the Author

Chris Wolski author

Chris Wolski is the founder and principle consultant of the small business and municipality focused cyber security firm 360 Degree Cyber Security, LLC. He is currently certified by International Information System Security Certification Consortium as a Certified Information Systems Security Professional and by the SANS Institute as a Global Industrial Cyber Security Professional. Active in the information security community, Chris volunteers his time at BSides Delaware and to various individuals seeking to be mentored in cybersecurity. He is frequently researching industrial devices to discover weaknesses that would present a problem for users of those devices. Chris obtained his start in cyber security in the U.S. Navy where he served in various information security and signals intelligence roles over his 20 year career. He left government service after serving in a position to develop cyber threat intelligence against industrial controls and later on the Joint Chiefs of Staff as a cyber incident handler. Chris has a Bachelor of Science Degree in Cybersecurity from University of Maryland University College and is currently pursuing a Master in Business Administration, also at the University of Maryland University College.

Leave a Reply