Another day, another security breach. Today, it’s a number of breaches that may or may not tie together, but all seem to have one thing in common: poor remote access security.
Most notably, the US Department of Homeland Security has issued an advisory regarding the “Backoff Point-of-Sale Malware,” which has been associated with several PoS data breach investigations. The advisory states:
“Recent investigations revealed that malicious actors are using publicly available tools to locate businesses that use remote desktop applications. Remote desktop solutions like Microsoft's Remote Desktop, Apple Remote Desktop, Chrome Remote Desktop, Splashtop 2, Pulseway, and LogMEIn Join.Me offer the convenience and efficiency of connecting to a computer from a remote location. Once these applications are located, the suspects attempted to brute force the login feature of the remote desktop solution. After gaining access to what was often administrator or privileged access accounts, the suspects were then able to deploy the point-of-sale (PoS) malware and subsequently exfiltrate consumer payment data via an encrypted POST request.”