Protect your point-of-sale systems from the rapidly increasing ‘Backoff’ malware threat

  • Team Omega
  • February 10, 2015

“Backoff” is a form of malware that uses remote desktop connections to gain access to point-of-sale (POS) machines. Once hackers discover that remote desktop access is available, they attempt to brute-force their way into the machines.

There are several ways to protect systems from “Backoff”:

If a business must use remote desktop access, settings should be in place to lock out a computer after a set time of inactivity. The number of users with access to a machine should also be limited. Each user who needs access to the machine must have an individual username and password. The passwords must be complex and expire every 90 days. Universal guest or administrator accounts should be disabled, and a second form of authentication is also needed for any user with access to a machine within the cardholder data environment (CDE). Connections should be encrypted and firewalls should be in place.

Omega protects customers’ systems in all of these ways:

  • Individual users have unique accounts and passwords
  • Passwords are complex and expire every 90 days
  • A second form of authentication is provided to gain access to the console
  • Users can be granted different levels of access to systems
  • Sessions are terminated after 15 minutes of inactivity
  • All communication through the Omega console is encrypted
  • Omega helps customers configure firewalls to ensure maximum security

For business network security, only ports, services, and IP addresses with specific business needs should be allowed to communicate through the firewall. The CDE should be segregated from other business networks. Access control lists that limit traffic to payment processing networks should be set up in router configurations. Tools should be implemented to detect irregular network traffic and irregular behavior by authorized users.

Omega protects networks by:

  • Advising customers on router configurations for maximum security
  • Working with customers’ IT departments on segregating networks
  • Advising customers on setting up access control lists
  • Monitoring logs for suspicious behavior and storing logs for 365 days

For maximum cash register and POS security, machines must be kept at the latest patch levels, antivirus and antimalware software must be kept up to date, and intrusion detection systems must be used. Third-party updates must be validated, users must perform checksum comparisons to ensure unauthorized files are not present, event logs must be monitored and retained, systems should be reviewed for dormant or unknown users, and unnecessary ports must be disabled.

Omega ensures this protection for customers by:

  • Patching systems weekly to ensure systems are up to date
  • Running file integrity monitoring to detect file changes
  • Having intrusion detection systems in place to detect unauthorized machines or activity
  • Monitoring and storing system logs for 365 days
  • Providing up-to-date anti-virus and anti-malware software that scans daily
  • Approving only third-party patches with specific company needs
  • Setting policies to alert for dormant users
  • Advising on router port configuration

For help with your organization’s data security needs, email pci@www.omegasecure.com or call 636-557-7777.