In July, Homeland Security warned of the Backoff POS malware threat, which has the ability to steal cardholder data and customer personal information. Their Computer Emergency Response Team (US-CERT) announced this week that it is aware of Backoff being used to compromise a significant number of major enterprise networks, as well as small and medium businesses. They encourage administrators and operators of Point-of-Sale (POS) systems to review the July 31st Backoff malware alert to help determine if their network may be affected. Organizations that believe they have been infected with Backoff are also encouraged to contact their local US Secret Service Field Office.
Since Homeland Security warned of Backoff, there has been a flood of high profile POS compromise revelations. The US Secret Service has reported that at least 1,000 retailers have been compromised by Backoff and that the 7 largest makers of Point-of-Sale systems report having their customer systems infected. Breaches at the UPS Store and 2 of the largest Supermarket chains, Supervalu and AB Acquisition are just a few of the high profile businesses believed compromised by Backoff.
Why POS is Vulnerable
Most POS systems consist of desktop computer running the Windows operating system and several POS devices directly connected. Windows is a well understood and high profile target for hackers. In too many cases, the POS computer is treated like all other desktops on the operator’s network, with the standard endpoint protection of antivirus and personal firewall.
Most endpoint security is vulnerable to zero day malware, where the threat has not yet been discovered by the vendor and their signature files not yet updated. Malware creators are very good at modifying the files of known malware so that, for a time, they will be undetected as a threat. BlackPOS, the malware used in the Target Data breach, was “in the wild” at least 3 months before being discovered and most antivirus systems were updated to deal with it. According to Verizon’s 2014 Data Breach Report, 85% of POS intrusions compromised the target for more than 2 weeks before being detected.
By the time the malware attacker your system is discovered it may be too late.
That is why Comodo’s Internet Security for the desktop and Endpoint Security Manager for the enterprise are designed to deal with zero day threats in a way that no other product does. Their unique “Default Deny” architecture ensures that malicious software are never allowed to be run by the operating system and have access to the file system. If a program is not confirmed as safe it can only run in a sandbox, an isolated system area that is safe and secure.
Comodo has expanded on this “containerization” concept with SecureBox, a client software that provides maximum protection for endpoints and servers they communicate with. SecureBox is highly recommended for POS systems.