Retailers warned to act now to protect against Backoff malware

[InfoSec News <alerts () infosecnews org>]

http://www.computerworld.com/article/2599724/data-security/retailers-warned-to-act-now-to-protect-against-backoff-malware.html

By Jaikumar Vijayan
Computerworld
Aug 27, 2014

The Payment Card Industry Security Standards Council on Wednesday issued a 
bulletin urging retailers to immediately review their security controls to 
ensure point-of-sale systems are protected against "Backoff," a malware 
tool that was used in the massive data theft at retailer Target last year.

The bulletin instructed all covered entities to update their antivirus 
suites and to change default and staff passwords controlling access to key 
payment systems and applications.

The council, which is responsible for administering the PCI security 
standard, also urged merchants to inspect system logs for strange or 
unexplained activity, especially those involving transfers of large data 
sets to unknown locations.

"The PCI Council additionally recommends that merchants consider 
implementing PCI-approved point-of-interaction (POI) devices" for 
encrypting credit and debit card data as the card is swiped or dipped into 
a payment terminal. Merchants should also consider deploying 
point-to-point encryption technologies to ensure that card data remains 
protected until received by a secure decryption facility, the advisory 
noted.

[...]



--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/