US Backoff POS malware infection rate soars

In August of this year, the US Department of Homeland Security issued a notice warning that Backoff malware was infecting point-of-sale (POS) systems, and the agency said the malware may have infected more than 1,000 US companies. Earlier this year, the FBI issued a similar announcement about other RAM-scraping malware variants, but despite these warnings, new research indicates that attackers continue to use Backoff to devastating effect.

For its third-quarter infection report, advanced threat detection provider Damballa monitored Backoff malware infections among corporate customers who allowed the vendor to scan their POS traffic. While security experts describe Backoff as a fairly standard variant of RAM-scraping POS malware, it has attracted widespread attention because of its involvement in several retailer data breaches in the past year, including Neiman Marcus, Sally Beauty Supply, P.F. Chang's and the recent Dairy Queen incident.

According to Damballa's research, these retailers are just the tip of the iceberg in terms of the number of potential Backoff victims. From the beginning of August (US-CERT released the first Backoff announcement on July 31) to the beginning of September, the vendor found that Backoff infections increased by 57%. Despite warnings from the US Department of Homeland Security, which also gave retailers guidance on how to avoid Backoff, Damballa found that the infection rate increased by a further 27% from the beginning of September to the end of September.

Damballa CTO Brian Foster said that too many retailers still rely on traditional antivirus technology to protect their POS systems, even though the US Department of Homeland Security proposed a number of additional precautions in its announcement, including securing the remote desktop applications that attackers exploit to spread Backoff and configuring firewalls to accept only known IP addresses and ports.

As long as that is the case, the authors of Backoff can keep making slight modifications to the malware code to bypass antivirus products. To show how easy this process is for an attacker, Damballa's researchers tested the Sinowal malware against 55 AV products and found that 45 of them were able to detect it. The researchers then changed the Sinowal malware into a Windows Help program file, which took less than two minutes, and found that only one of the 55 AV products could detect the new file.

Foster pointed out that the retail industry's response to Backoff is particularly worrying given the upcoming US holiday shopping season. It is the most profitable period for these companies, but that will not be the case if they are attacked as Target was in 2013.

“Companies don’t transfer their POS traffic to a central location very well, so they can monitor malicious activity,” Foster said. “I’m sure that at the end of the shopping season, antivirus products can detect Backoff well, but at that time, the attacker may have moved to another variant.”

Foster called on retailers to rethink how they protect the POS environment and to increase their often low security budgets. Earlier this year, consulting firm IDC Retail Insights found that the security spending of each store in the US retail industry was 2% of the overall technical budget.

From a consumer perspective, Foster said mobile wallets (such as the new Apple Pay platform, Google Wallet, etc.) may offer a safer shopping experience than using a payment card. Consumers should also pay close attention to announcements from banks and credit card companies about any unusual activity.

Most importantly, Foster encourages consumers to protect their wallets and punish retailers who do not deploy the necessary security measures to protect against Backoff and other POS malware variants that are certain to occur.

"You can look at Target and its post-accident statement, which they claim is a major blow to their business, but then we see all other retailers also being hit," Foster said. "So, I hope to see consumers hold retailers responsible for protecting their data."
