Online tools that help millions of Americans work from home may be exposing both workers and businesses to cybersecurity risks, a new report from the Department of Homeland Security has found.
Newly discovered malware, dubbed "Backoff," was found to have infiltrated computer networks through commonly used remote desktop software such as Microsoft's Remote Desktop, Apple Remote Desktop and Chrome Remote Desktop, says the report.
"Backoff" was used for a number of attacks on retailers, analysts found, and it was almost never detected by standard anti-virus software.
Hackers used it to retrieve customers' credit card data through several retailers' Point of Sale (PoS) systems, the Homeland Security report said without naming the retailers affected. Citing anonymous sources, the New York Times reported that they include Target, Neiman Marcus, P.F. Chang's, Sally Beauty Supply and Goodwill Industries International.
In the Target security breach last winter, hackers apparently gained access to the company's computers and PoS system through the network of a third-party vendor, later identified as a heating and refrigeration company that did business with Target.
Working with the Secret Service, the National Cybersecurity and Communications Integration Center, and Chicago-based Trustwave SpiderLabs, experts found that several variations of "Backoff" have been active since October 2013, and have been linked to at least three separate forensic investigations. The malware's capabilities include logging keystrokes, uploading discovered data, updating itself and executing further malware.
The Homeland Security report also suggested some strategies to help prevent attacks by "Backoff" or other types of PoS malware. They include:
- Configure a remote desktop client to lock user accounts after multiple failed log-in attempts.
- Require two-factor authentication, especially when accessing payment processing networks.
- Separate payment processing networks from other networks.
- Keep operating systems up to date and run the latest available anti-virus software.
More than three million employees telecommuted as of 2012, according to data released by Global Workplace Analytics, and many use some version of the remote access software through which these attacks gained entry.
Now that details of "Backoff" have been published, Homeland Security says it expects companies will quickly update their anti-virus software to detect it.
But even after this particular security gap is addressed, Point of Sale systems will remain a tempting target for cybercriminals. According to a Symantec report released in February, attackers who steal credit card numbers as well as the cards' security codes from a retailer's PoS system can turn around and sell the data for up to $100 per card.
Symantec also noted that the most common attack route against PoS systems is through the corporate network, such as email servers, and, as today's Homeland Security report makes clear, through remote access clients.