More than 1,000 businesses across the U.S. might have been affected by a new kind of point-of-sale (PoS) malware, according to an Aug. 22 advisory from the U.S. Department of Homeland Security. The "Backoff" malware has been widely reported to be the same one responsible for last year's major IT security breach at Target, and DHS also believes it to be behind a more recent hacking incident at The UPS Store chain.
Backoff takes advantage of applications that let remote users connect with a company's in-house computer networks. Hackers have been using the malware to log into businesses' PoS systems, which are used to process sales, and access payment information.
DHS first identified Backoff in October 2013, and has discovered several other variants since then, the most recent one being found in May of this year. Since its investigation began, the agency says it has confirmed that seven PoS vendors or providers with more than 1,000 business customers have been affected by the malware.
The DHS has been conducting its investigation with the help of the National Cybersecurity and Communications Integration Center; the U.S. Secret Service; the Financial Services Information Sharing and Analysis Center; and Trustwave, a Chicago-based cyber-security company.
'We'll Probably See More'
Karl Sigler, Trustwave's manager of threat security, told us it wasn't surprising that more likely victims of the malware have been found since the DHS's last warning was issued in August. Once Backoff's telltale signs -- called "indicators of compromise" (IoCs) -- were made public, investigators expected to hear reports of security breaches from many other organizations, he said.
"We'll probably still see more," Sigler added.
While investigators continue working to identify and apprehend the criminal or criminals behind Backoff, businesses can take security measures to reduce their chances of malware attacks. Sigler recommended that companies follow cyber security best practices such as using strong passwords -- or better yet, passphrases like "MyD0gLikesPizza" that are "easier to remember, and lengthy."
Other proactive security measures businesses can take include monitoring for unusual network traffic and changing the default ports used by their remote access software, Sigler said.
'Tip of the Iceberg'
In its latest advisory, DHS recommends that businesses that believe they might have been affected by Backoff should contact their PoS providers, anti-virus vendors and IT service partners and ask for an assessment of any compromises or vulnerabilities. Companies should also contact their local Secret Service field office to report any possible incidents.
Because Backoff wasn't identified until fairly recently, its presence was not detected by even the most up-to-date anti-virus software.
"Now that the IoCs are out there, anti-virus vendors can create signatures to flag the malware and forensic pros know what to look for, I predict many more businesses will find themselves infected," Sigler said in a Trustwave blog post. "This is just the tip of the iceberg, but only time will tell how far this reaches."
Sigler told us the increased public awareness of the threat will now make it possible to "be able to minimize the damage."
"Hopefully, we'll be able to catch the criminals behind it," he said. "I'm glad the awareness is out there and it's helping people to find and eradicate this."
Posted: 2014-08-25 @ 2:12pm PT
Here's a direct link to the DHS advisory:
Posted: 2014-08-25 @ 1:25pm PT
no link to the advisory