
With “Backoff” POS Malware, Attackers Use Your Security Tools Against You


Yesterday the US Department of Homeland Security issued a warning to US businesses against a new POS malware attack called “Backoff”. The attackers are targeting common remote access systems like Microsoft Remote Desktop, Apple Remote Desktop, Chrome Remote Desktop, Splashtop, Pulseway and join.me. To make matters worse, this little bug is difficult for anti-virus software to detect.

US-CERT issued the warning together with mitigation steps that organizations should take. The warning contains the following recommendations, designed to prevent data loss and to detect malicious behavior related to this new threat:

  • Implement data leakage prevention/detection tools to detect and help prevent data exfiltration
  • Implement tools to detect anomalous network traffic and anomalous behavior by legitimate users (compromised credentials)

When attackers go after your remote access systems, they do it knowing full well that these systems provide access to high-value data and that they are cloaked in encryption - which you unwittingly provided to them. If you aren’t monitoring your encrypted traffic at the network level, it may be difficult or even impossible for you to detect anomalous behavior or a compromised identity.
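The US-CERT recommendation to "detect anomalous behavior by legitimate users" only works if the remote-access sessions are actually visible as records that can be compared against a baseline. The following is an added example, not code from the original post or from SSH.COM: it takes a constructed, hypothetical session-log format (timestamp, user, source IP, bytes sent out of the network), builds a per-user baseline from known-good history, and flags new sessions that arrive from a source the user has never used, start outside a working-hours window, or move far more data outward than that user normally does. The log format, the working-hours window and the three-standard-deviation threshold are all assumptions chosen for illustration; a real deployment would map its own session-recording or gateway fields onto the same shape.

```python
"""Baseline-and-deviation check over remote-access session records.

Added example (not from the original post). The CSV-like line format
is constructed for this example: <ISO-8601 UTC start>,<user>,<source IP>,<bytes out>.
"""
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed, known-good history used to build each user's baseline.
HISTORY = [
    "2014-07-30T09:12:00Z,jdoe,10.1.4.22,1200000",
    "2014-07-30T13:05:00Z,jdoe,10.1.4.22,950000",
    "2014-07-31T08:47:00Z,jdoe,10.1.4.22,1100000",
    "2014-07-31T14:30:00Z,jdoe,10.1.4.22,1300000",
    "2014-07-30T10:00:00Z,asmith,10.1.5.9,400000",
    "2014-07-31T10:05:00Z,asmith,10.1.5.9,420000",
]

# Constructed sessions to score: one benign, one that looks like a
# compromised credential (new source, 02:41 UTC, ~40x the usual volume).
NEW_SESSIONS = [
    "2014-08-01T10:10:00Z,asmith,10.1.5.9,410000",
    "2014-08-01T02:41:00Z,jdoe,198.51.100.7,48000000",
]

WORK_HOURS = range(6, 20)   # assumed policy: 06:00-19:59 UTC is normal
SIGMA_MULTIPLIER = 3        # assumed: flag volume above mean + 3 * stdev


def parse_session(line):
    """Parse one constructed log line into a dict."""
    ts, user, src, out_bytes = line.strip().split(",")
    return {
        "ts": datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"),
        "user": user,
        "src": src,
        "bytes_out": int(out_bytes),
    }


def build_baselines(sessions):
    """Per-user outbound-volume statistics and the set of source IPs seen."""
    by_user = defaultdict(list)
    for s in sessions:
        by_user[s["user"]].append(s)
    baselines = {}
    for user, recs in by_user.items():
        vols = [r["bytes_out"] for r in recs]
        baselines[user] = {
            "mean": mean(vols),
            "stdev": pstdev(vols),   # 0 when every session had the same volume
            "sources": {r["src"] for r in recs},
        }
    return baselines


def score_session(session, baselines):
    """Return a list of human-readable reasons; empty means nothing unusual."""
    user = session["user"]
    if user not in baselines:
        # A user with no history cannot be compared; surface it rather than skip it.
        return [f"no baseline for user {user}"]
    base = baselines[user]
    reasons = []
    if session["src"] not in base["sources"]:
        reasons.append(f"new source {session['src']}")
    if session["ts"].hour not in WORK_HOURS:
        reasons.append(f"off-hours login at {session['ts']:%H:%M} UTC")
    threshold = base["mean"] + SIGMA_MULTIPLIER * base["stdev"]
    if session["bytes_out"] > threshold:
        reasons.append(
            f"outbound {session['bytes_out']} bytes exceeds baseline {threshold:.0f}"
        )
    return reasons


def detect(history_lines, new_lines):
    """Return [(session, reasons)] for every new session that raised at least one reason."""
    baselines = build_baselines(parse_session(l) for l in history_lines)
    flagged = []
    for line in new_lines:
        session = parse_session(line)
        reasons = score_session(session, baselines)
        if reasons:
            flagged.append((session, reasons))
    return flagged


if __name__ == "__main__":
    for session, reasons in detect(HISTORY, NEW_SESSIONS):
        print(f"{session['user']} @ {session['ts']:%Y-%m-%d %H:%M}: " + "; ".join(reasons))
```

The point of the split between `HISTORY` and `NEW_SESSIONS` is that the baseline is built only from sessions you already trust; folding a suspicious session into its own baseline inflates the standard deviation and hides it. Each of the three checks is weak on its own (a new source IP is often just a laptop on a new network), so the output lists every reason rather than a single verdict, which is what a SIEM correlation rule or an analyst needs to decide whether the identity has been compromised.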

Malware like "Backoff" is designed to exploit the fact that most organizations do not monitor or control their encrypted traffic. Despite the risk, many companies rely on traditional privileged access management (PAM) solutions (i.e., jump hosts) and endpoint security alone to do the job. Unfortunately, as most of the 600 or so companies that have already been victimized by this latest attack could probably tell you, traditional approaches to defending against attackers who target encrypted networks just don't work very well.

Fill in the gaps in your network security. An encrypted channel monitoring solution gives you network-level visibility into your encrypted traffic and enables your SIEM and DLP solutions to stop would-be attackers or malicious insiders before they can compromise or exfiltrate your data. The message is simple: don’t let the bad guys use your own security tools against you.


Author: Jason Thompson

Jason served as Vice President of Worldwide Marketing until October 2014.
