Detecting Point of Sale Malware

Every day seems to bring a fresh report of yet another POS breach and the release of yet another batch of credit card numbers stolen by one of the variants of the BackOff point of sale exploit. At this point you have to be asking yourself: why haven’t security companies been able to come up with a way to detect and remove this malware? It has been around for almost two years, and yet we still see new attacks popping up all over. Why can’t we get this stopped?

BackOff and its cousins have been around since October 2013, and were at the heart of the Target breach and virtually all of the other POS attacks affecting over 100 retailers in the last two years, according to the Privacy Rights Clearinghouse. Some of the more recent breaches have affected non-retail POS systems such as those found at parking ramps.

The answer is that most anti-virus and malware providers’ products will detect and remove BackOff. The problem is that many small businesses may not be using security software on their POS systems because of communication problems caused by the onboard firewall. The other problem is that one of the first things a cyber-criminal does after making a successful remote access connection via a Trojan horse is to disable, turn off, or remove the security products they find on the target system.

This may be a problem for you if your small business is running a point of sale system, especially if that system is running on Windows, and especially if that Windows system is the currently unsupported Windows XP. (Yes, you know who you are! And so do the cyber-crooks!) You may be inadvertently sending customer credit card data to cyber-criminals in Russia, India or Brazil. If your credit card processor is the first one to notify you of a breach, you may find your company is saddled with fines and penalties that you just can’t afford.

Your best option is to get your POS systems checked over by a cybersecurity professional.  These professionals know where to look to find the hidden traces of the BackOff program, and will be able to get your system cleaned up and properly secured.

About the Author:

I am a cybersecurity and IT instructor, cybersecurity analyst, pen-tester, trainer, and speaker. I am an owner of the WyzCo Group Inc. In addition to consulting on security products and services, I also conduct security audits, compliance audits, vulnerability assessments and penetration tests. I also teach Cybersecurity Awareness Training classes. I work as an information technology and cybersecurity instructor for several training and certification organizations. I have worked in corporate, military, government, and workforce development training environments. I am a frequent speaker at professional conferences such as the Minnesota Bloggers Conference, Secure360 Security Conference in 2016, 2017, 2018, 2019, the (ISC)2 World Congress 2016, and the ISSA International Conference 2017, and many local community organizations, including Chambers of Commerce, SCORE, and several school districts. I have been blogging on cybersecurity since 2006 at
