Backoff Malware Hits 1,000+ Businesses, Likely More
By Shirley Siluk / CRM Daily
More than 1,000 businesses across the U.S. might have been affected by a new kind of point-of-sale (PoS) malware, according to an Aug. 22 advisory from the U.S. Department of Homeland Security. The "Backoff" malware has been widely reported to be the same one responsible for last year's major IT security breach at Target, and DHS also believes it to be behind a more recent hacking incident at The UPS Store chain.

Backoff takes advantage of applications that let remote users connect with a company's in-house computer networks. Hackers have been using the malware to log into businesses' PoS systems, which are used to process sales, and access payment information.

DHS first identified Backoff in October 2013, and has discovered several other variants since then, the most recent one being found in May of this year. Since its investigation began, the agency says it has confirmed that seven PoS vendors or providers with more than 1,000 business customers have been affected by the malware.

The DHS has been conducting its investigation with the help of the National Cybersecurity and Communications Integration Center; the U.S. Secret Service; the Financial Services Information Sharing and Analysis Center; and Trustwave, a Chicago-based cyber-security company.

'We'll Probably See More'

Karl Sigler, Trustwave's manager of threat security, told us it wasn't surprising that more likely victims of the malware have been found since the DHS's last warning was issued in August. Once Backoff's telltale signs -- called "indicators of compromise" (IoCs) -- were made public, investigators expected to hear reports of security breaches from many other organizations, he said.

"We'll probably still see more," Sigler added.

While investigators continue working to identify and apprehend the criminal or criminals behind Backoff, businesses can take security measures to reduce their chances of malware attacks. Sigler recommended that companies follow cyber security best practices such as using strong passwords -- or better yet, passphrases like "MyD0gLikesPizza" that are "easier to remember, and lengthy."

Other proactive security measures businesses can take include monitoring for unusual network traffic and changing the default ports used by their remote access software, Sigler said.

'Tip of the Iceberg'

In its latest advisory, DHS recommends that businesses that believe they might have been affected by Backoff contact their PoS providers, anti-virus vendors and IT service partners and ask for an assessment of any compromises or vulnerabilities. Companies should also contact their local Secret Service field office to report any possible incidents.

Because Backoff wasn't identified until fairly recently, its presence was not detected by even the most up-to-date anti-virus software.

"Now that the IoCs are out there, anti-virus vendors can create signatures to flag the malware and forensic pros know what to look for, I predict many more businesses will find themselves infected," Sigler said in a Trustwave blog post. "This is just the tip of the iceberg, but only time will tell how far this reaches."

Sigler told us that with increased public awareness of the threat, it will now be possible to "minimize the damage."

"Hopefully, we'll be able to catch the criminals behind it," he said. "I'm glad the awareness is out there and it's helping people to find and eradicate this."

Tell Us What You Think


Posted: 2014-08-25 @ 2:12pm PT
Here's a direct link to the DHS advisory:

Test Lab:
Posted: 2014-08-25 @ 1:25pm PT
no link to the advisory

© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.