There's a classic approach behind many of the retail cyberattacks that make the news: Backoff malware, which sniffs the traffic that flows on a network to identify and steal credit card data passed between point of sale (POS) terminals.
Since 2014, many retail and hospitality companies have been affected. In fact, the U.S. Secret Service estimates Backoff infected at least 1,000 businesses, including Sally Beauty Supply, Staples, Home Depot and White Lodging Services, and is suspected as the culprit in many other breaches.
The malware allows criminals to remotely control the infected system, seizing the credit card data out of memory, writing files with sensitive authentication data and ultimately transmitting the stolen information using standard HTML posts.
There is nothing particularly innovative about how Backoff works, but the completeness of its design and simplicity has allowed some of the biggest credit card thefts in history. Not only is the software itself fairly basic, but hackers can easily obtain a copy of Backoff from the Internet, streamlined so it causes few issues when installing on a remote machine; and it is so well written that it is extremely effective at stealing data once it is in place.
The original Backoff software sent data in clear text that could be detected using a network sniffer, or Intrusion Detection System. The sniffer examined the data traveling over the network and could detect credit card data in the stream, preventing malicious traffic from being sent from the POS system.
Clever cybercriminals, however, tend to stay one step ahead, continually creating new and enhanced versions of malware and other attack techniques. One example is the latest version, Backoff ROM. It was updated with the ability to encrypt outbound credit card data, making sniffer detection and prevention methodology ineffective. To a network sniffer, encrypted data appears as gibberish, removing any patterns that would allow the sniffer to recognize the transmission as credit card data.
Its a harsh reality that a Backoff infection can happen to any merchant. However, if businesses had properly configured firewalls, Backoff would be blocked before any credit card information is lost. In investigating the rash of breaches caused by Backoff, the DHS actually issued a recommendation that included firewalls and network segmentation. In order to be effective, the security provider must have the proprietary technology and expertise to properly prevent Backoff from exporting sensitive payment account information.
Many small to medium sized businesses lack the security expertise required to continually monitor firewall security, keep abreast of the latest threats, and make the adjustments necessary to thwart attacks. A large portion of these businesses mistakenly believe a firewall can be set up once, and will continue to provide adequate protection for an infinite amount of time.
However, effective firewall protection requires a combination of continually updated technology complemented by expert monitoring and adjustment. Having a dedicated security expert managing your firewall can make the difference between a costly breach and a bulletproof defense. A security expert will be able to recognize when an unusual event has occurred, investigate to determine the level of danger posed by the event, and take the appropriate measures to ward off present and future attacks.
In addition, these simple steps can help protect your company network and sensitive data against Backoff and other malware: protect incoming internet traffic; control outbound internet traffic; protect on-premise Wi-Fi; use two-factor authentication; update anti-malware software; and patch all operating systems as soon as security enhancements are released.
Malware will continue to be a significant issue for businesses accepting credit cards in the foreseeable future, and it is key that all businesses become aware of how to secure their environments. It would be irresponsible to ignore the problem or pretend that it could never happen to them. Proper management of security and consistent maintenance should be the goal of any security program. Taking the appropriate steps today will help companies avoid joining the ever-increasing list of businesses that realize they are a hackers latest victim.
Kevin Watson is CEO of Netsurion, which sells data security and computer network management services for multi-location businesses.