Your BBB has reported on a number of business security breaches over the last few years.
Over the past year, the Secret Service has responded to over 1,000 business network intrusions involving malware known as “Backoff”. Seven point-of-sale (PoS) system providers/vendors have confirmed that multiple clients of all sizes were affected. Suspects use publicly available tools to locate businesses that run remote desktop applications, which allow a computer to be operated from a remote location. Once a target is located, suspects attempt to brute force the login of the remote desktop solution, guessing passwords until one works. After gaining access to an administrator or other privileged account, suspects deploy point-of-sale malware and exfiltrate consumer payment data via an encrypted POST request.
Organizations that believe they have been impacted should contact their Local Secret Service Field Office.
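The attack chain described above (password guessing against an Internet-exposed remote desktop login, followed by a successful logon from the same source) leaves a recognizable trace in the Windows Security log: a burst of failed logon events (Event ID 4625) with logon type 10 (RemoteInteractive) from one source address, then a successful logon (Event ID 4624) from that same address. The following Python script is an added example, not part of the original BBB notice and not Secret Service or vendor tooling. It runs detection logic over a constructed sample of such events; the tab-separated five-column layout is assumed for this example only (a real export from wevtutil or Get-WinEvent must first be mapped onto those fields), and the addresses are documentation ranges.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of Windows Security events exported as tab-separated text.
# The column layout (timestamp, EventID, LogonType, TargetUserName, IpAddress)
# is assumed for this example; it is not a real export format.
SAMPLE_LOG = """\
2014-08-01T02:10:01\t4625\t10\tadministrator\t198.51.100.23
2014-08-01T02:10:04\t4625\t10\tadministrator\t198.51.100.23
2014-08-01T02:10:09\t4625\t10\tadmin\t198.51.100.23
2014-08-01T02:10:13\t4625\t10\tpos\t198.51.100.23
2014-08-01T02:10:20\t4625\t10\tadministrator\t198.51.100.23
2014-08-01T02:10:31\t4625\t10\tadministrator\t198.51.100.23
2014-08-01T02:11:02\t4624\t10\tadministrator\t198.51.100.23
2014-08-01T08:15:44\t4625\t10\tjsmith\t203.0.113.7
2014-08-01T08:16:03\t4624\t10\tjsmith\t203.0.113.7
2014-08-01T09:00:00\t4625\t2\tcashier\t-
"""

FAILED_LOGON = 4625       # "An account failed to log on"
SUCCESSFUL_LOGON = 4624   # "An account was successfully logged on"
REMOTE_INTERACTIVE = 10   # LogonType 10 = RemoteInteractive, i.e. Remote Desktop


def parse_events(text):
    """Turn the tab-separated sample into a list of event dicts with real timestamps."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, event_id, logon_type, user, ip = line.split("\t")
        events.append({
            "time": datetime.fromisoformat(ts),
            "event_id": int(event_id),
            "logon_type": int(logon_type),
            "user": user,
            "ip": ip,
        })
    return events


def detect_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Flag source addresses that generate `threshold` or more failed RDP logons
    inside `window`, and flag any successful RDP logon from such an address
    while the burst is still inside the window (a likely compromised account)."""
    findings = []
    failures = defaultdict(deque)   # ip -> deque of (time, user) failures within window
    alerted = set()                 # ips already reported as brute forcing
    for ev in sorted(events, key=lambda e: e["time"]):
        # Only Remote Desktop logons matter here; local logons have no source ip.
        if ev["logon_type"] != REMOTE_INTERACTIVE or ev["ip"] == "-":
            continue
        ip = ev["ip"]
        recent = failures[ip]
        # Slide the window: discard failures older than `window` relative to this event.
        while recent and ev["time"] - recent[0][0] > window:
            recent.popleft()
        if ev["event_id"] == FAILED_LOGON:
            recent.append((ev["time"], ev["user"]))
            if len(recent) >= threshold and ip not in alerted:
                alerted.add(ip)
                findings.append({
                    "kind": "brute_force",
                    "ip": ip,
                    "failures": len(recent),
                    "users": sorted({u for _, u in recent}),
                    "first": recent[0][0],
                    "last": ev["time"],
                })
        elif ev["event_id"] == SUCCESSFUL_LOGON and len(recent) >= threshold:
            findings.append({
                "kind": "success_after_brute_force",
                "ip": ip,
                "user": ev["user"],
                "failures": len(recent),
                "time": ev["time"],
            })
    return findings


if __name__ == "__main__":
    for finding in detect_rdp_bruteforce(parse_events(SAMPLE_LOG)):
        print(finding)
```

On the sample this reports one brute-force burst from 198.51.100.23 (five failures across three account names within 20 seconds) and then the successful administrator logon from the same address a minute later; the single typo from 203.0.113.7 and the local logon with no source address produce nothing. The threshold and window should be tuned alongside the account lockout settings listed below, and a "success after brute force" finding is the one that warrants pulling the PoS host off the network and calling the Secret Service.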
Just a few of the things businesses can do to minimize their risk include:
Configure account lockout settings so that an account is locked after a specified number of failed login attempts and stays locked for a set period of time.
Limit the number of users and workstations that can log in using Remote Desktop.
Use firewalls (both software and hardware where available) to restrict access.
Define password complexity, minimum length and expiration requirements.
Require two-factor authentication (2FA) for remote desktop access, for access to payment processing networks, and wherever else it is feasible.
Install a Remote Desktop Gateway to restrict access, so that Remote Desktop hosts are not reachable directly from the Internet.
Add an extra layer of authentication and encryption by tunneling Remote Desktop through IPsec, SSH or SSL/TLS (for example, a VPN).
Limit administrative privileges for users and applications.
Periodically review systems (local and domain controllers) for unknown and dormant users.
Review firewall configurations and ensure that only allowed ports, services and Internet protocol (IP) addresses are communicating with your network.
Change the Remote Desktop listening port from its default of TCP 3389. This only reduces exposure to automated scanning for the default port; attackers also scan other ports, so it is not a substitute for the controls above.
Segregate payment processing networks from other networks.
Apply access control lists (ACLs) on the router configuration to limit unauthorized traffic to payment processing networks.
Implement tools to detect anomalous network traffic and behavior by legitimate users.
Implement hardware-based point-to-point encryption.
Deploy the latest supported version of the operating system, keep it updated with security patches, and run anti-virus software, file integrity monitoring and a host-based intrusion-detection system.
Protect security software with a strong password so that it cannot be disabled or modified.
Perform a binary or checksum comparison to ensure unauthorized files are not installed.
Ensure any automatic updates from third parties are validated.
Perform a checksum comparison on the updates prior to deploying them on PoS systems.
Disable unnecessary ports and services, null sessions, default users and guests.
Enable event logging and make sure there is a process to monitor logs on a daily basis.
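Two of the items above, the binary or checksum comparison of the PoS host and the checksum check on third-party updates before deployment, are the same technique: compute a cryptographic digest of every file, keep the result as a baseline, and compare against it later. The following Python code is an added example, not part of the BBB notice and not any vendor's tool. The directory layout, file names and contents are constructed for the demonstration. It builds a baseline manifest of a directory, reports files that have been added, removed or modified since the baseline, and verifies an update package against a digest obtained out-of-band from the vendor.

```python
import hashlib
import hmac
import tempfile
from pathlib import Path


def sha256_hex(data: bytes) -> str:
    """SHA-256 digest of a byte string as lowercase hex."""
    return hashlib.sha256(data).hexdigest()


def build_manifest(root: Path) -> dict:
    """Map every file under root (relative POSIX path) to its SHA-256 digest."""
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            manifest[path.relative_to(root).as_posix()] = sha256_hex(path.read_bytes())
    return manifest


def compare_manifests(baseline: dict, current: dict) -> dict:
    """Report files that appeared, disappeared or changed relative to the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in baseline
                           if p in current and baseline[p] != current[p]),
    }


def verify_update(package: bytes, expected_sha256: str) -> bool:
    """Accept a vendor update only if its digest equals the value published
    out-of-band (for example on the vendor's website, not inside the download
    itself). hmac.compare_digest avoids leaking how many characters matched."""
    return hmac.compare_digest(sha256_hex(package), expected_sha256.lower())


def demo() -> dict:
    """Build a constructed PoS install, baseline it, simulate an intrusion, and
    return the differences. Paths and contents are invented for this example."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "bin").mkdir()
        (root / "bin" / "pos.exe").write_bytes(b"POS application v1.2")
        (root / "bin" / "config.ini").write_bytes(b"[processor]\nhost=gateway.example\n")
        baseline = build_manifest(root)   # taken at a known-good point in time

        # Simulated post-compromise state: an unexpected binary appears and the
        # processor configuration is pointed somewhere else.
        (root / "bin" / "unexpected.exe").write_bytes(b"binary not in the baseline")
        (root / "bin" / "config.ini").write_bytes(b"[processor]\nhost=203.0.113.5\n")
        return compare_manifests(baseline, build_manifest(root))


if __name__ == "__main__":
    print(demo())
    package = b"vendor update payload"
    print(verify_update(package, sha256_hex(package)))        # digest matches
    print(verify_update(package + b"x", sha256_hex(package)))  # tampered package
```

The baseline manifest must be stored somewhere the PoS host cannot write to (an offline copy or a central server), otherwise an intruder with administrator rights simply regenerates it after installing the malware. The expected digest for an update likewise has to come from a channel the attacker does not control; a checksum shipped inside the same download as the update only proves the file was not corrupted in transit.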