Less than a year after hacks of Target and Neiman Marcus caught the attention of government investigators, and the whole country, Homeland Security is again weighing in on a hack targeting retailers.
This time, the culprit – “Backoff” – is able to establish command-and-control of retail point-of-sale systems, giving hackers free reign to steal customer credit card numbers and other personal information, like email addresses and phone numbers.
According to Homeland Security, malicious actors are able to compromise PoS systems through remote desktop applications – such as LogMeIn, Join.Me, and other similar solutions from Microsoft, Apple and Google – and then use brute force attacks to deploy the PoS malware.
Once they’ve seized control of the desktop, attackers can run roughshod however they please. Variations of Backoff attacks have been traced back as far as October of last year with up to 600 retailers thought to have been affected.
Download a VPN Client or Install a Remote Desktop?
In its release, Homeland Security issued a number of network security solutions retailers can deploy to mitigate the risk of a Backoff attack – some more effective than others.
The first suggestion is for retailers to configure their remote desktop client so that specific users, or IP addresses, are locked out after multiple failed login attempts. Generally, but not always, brute force attacks like Backoff can be prevented this way.
The problem is that denial of access is only a bandage solution. We’ve written it before and we’ll say it again – LogMeIn is not a viable Virtual Private Network (VPN) alternative. Remote desktop solutions create an environment in which user convenience trumps network security, and this convenience is what has made retailers so susceptible to remote desktop attacks.
Although downloading a VPN client creates a more secure network environment than installing a remote desktop service, while still providing user convenience, doing so doesn’t by itself mitigate the threat of Backoff or any other retail PoS attack. In fact, there is never one technology that neutralizes all threats, all the time.
Where we do agree with Homeland Security is in its support for two-factor authentication. As its release says, “even if a virtual private network is used, it is important that [two-factor authentication] is implemented to help mitigate keylogger or credential dumping attacks.” Put simply, two-factor authentication adds another hurdle and makes it harder for hackers to get what they want. This is the same reason we also support the department’s suggestion to update antivirus systems. It’s all about building redundancy into a network security infrastructure and instituting defense in-depth.
Together, the best security technologies such as up-to-date antivirus software, restrictive firewalls and secure VPNs, and employees who are savvy with network security create redundancy in a network security infrastructure and keep hacks like Backoff on the outside looking in.
Want to learn more about remote access VPN?
In Remote Access VPN For Dummies, we cover:
- The full VPN landscape, including hybrid IPsec/SSL VPN solutions
- The evolution of remote access VPN
- How to provide users with secure remote access
- How to simplify remote access VPN and reduce costs