Backoff Malware Hits 1,000+ Businesses, Likely More
By Shirley Siluk / Enterprise Security Today
Published: August 25, 2014

More than 1,000 businesses across the U.S. might have been affected by a family of point-of-sale (PoS) malware known as "Backoff," according to an Aug. 22 update to an advisory from the U.S. Department of Homeland Security. Backoff has been widely reported to be the same malware behind last year's major breach at Target, and DHS also believes it is behind the more recent intrusion at The UPS Store chain.

Backoff does not rely on a flaw in the PoS software itself. According to the DHS advisory, the attackers scan the Internet for businesses that expose remote desktop applications, brute-force the login credentials (weak or default passwords make this easy), and then use that remote session to install Backoff on the PoS systems that process sales. Once running, the malware scrapes payment card data from the memory of those systems and sends it to servers the attackers control.

DHS traces the earliest Backoff variant to October 2013 and has found several more since, the most recent in May of this year. Since its investigation began, the agency says seven PoS vendors or providers have confirmed that multiple clients were compromised, which is where the estimate of more than 1,000 affected businesses comes from.

The DHS has been conducting its investigation with the help of the National Cybersecurity and Communications Integration Center; the U.S. Secret Service; the Financial Services Information Sharing and Analysis Center; and Trustwave, a Chicago-based cyber-security company.

'We'll Probably See More'

Karl Sigler, Trustwave's manager of threat security, told us it wasn't surprising that more likely victims of the malware have been found since DHS issued its first Backoff alert at the end of July. Once Backoff's telltale signs -- the file paths, registry keys, mutexes and command-and-control addresses known as "indicators of compromise" (IoCs) -- were made public, investigators expected to hear reports of security breaches from many other organizations, he said.

"We'll probably still see more," Sigler added.

While investigators continue working to identify and apprehend the criminal or criminals behind Backoff, businesses can take security measures to reduce their chances of malware attacks. Sigler recommended that companies follow cyber security best practices such as using strong passwords -- or better yet, passphrases like "MyD0gLikesPizza" that are "easier to remember, and lengthy."

Other proactive security measures businesses can take include monitoring for unusual network traffic and changing the default ports used by their remote access software, Sigler said.
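The monitoring advice above is worth making concrete. The script below is an added example, not code from the article, DHS or Trustwave: it reads a constructed, simplified extract of Windows Security log events 4625 (failed logon) and 4624 (successful logon), keeps only logon type 10 (RemoteInteractive, the type a Remote Desktop session produces), and flags any source address with five or more failures inside ten minutes, noting whether a successful logon from the same address followed. That is the remote-access brute-force pattern the DHS advisory describes. The one-event-per-line format, the field order, the IP addresses and the threshold are assumptions made for the example; a real Security.evtx record carries many more fields and would need a proper parser. Changing the remote-access port, as suggested above, only hides the service from mass scans; a check like this one catches the password guessing itself.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the form "<timestamp> <event_id> <logon_type> <account> <source_ip>".
# 203.0.113.45 hammers the RDP listener and eventually gets in (the pattern the
# DHS advisory describes); 198.51.100.7 is a user mistyping a password twice;
# 192.0.2.10 fails at the console (logon type 2), which is out of scope here.
SAMPLE_LOG = """\
2014-08-20T02:14:01 4625 10 administrator 203.0.113.45
2014-08-20T02:14:03 4625 10 administrator 203.0.113.45
2014-08-20T02:14:05 4625 10 administrator 203.0.113.45
2014-08-20T02:14:08 4625 10 pos 203.0.113.45
2014-08-20T02:14:10 4625 10 pos 203.0.113.45
2014-08-20T02:14:12 4625 10 posadmin 203.0.113.45
2014-08-20T02:14:15 4624 10 posadmin 203.0.113.45
2014-08-20T09:02:40 4625 10 jsmith 198.51.100.7
2014-08-20T09:02:51 4625 10 jsmith 198.51.100.7
2014-08-20T09:03:05 4624 10 jsmith 198.51.100.7
2014-08-20T09:10:00 4625 2 cashier 192.0.2.10
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<event>\d{4})\s+(?P<ltype>\d+)\s+(?P<user>\S+)\s+(?P<src>\S+)$"
)

FAILED_LOGON, SUCCESSFUL_LOGON = "4625", "4624"
REMOTE_INTERACTIVE = "10"  # Windows logon type used by Remote Desktop sessions


def parse_log(text):
    """Yield one dict per well-formed line; lines that do not match are skipped."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        row = m.groupdict()
        row["ts"] = datetime.strptime(row["ts"], "%Y-%m-%dT%H:%M:%S")
        yield row


def find_rdp_brute_force(text, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: finding} for every source with at least `threshold`
    failed RDP logons inside `window`, and note any later successful RDP logon
    from the same source (the brute-force-then-login sequence)."""
    by_src = defaultdict(list)
    for row in parse_log(text):
        if row["ltype"] == REMOTE_INTERACTIVE:
            by_src[row["src"]].append(row)

    findings = {}
    for src, rows in by_src.items():
        rows.sort(key=lambda r: r["ts"])
        failures = [r for r in rows if r["event"] == FAILED_LOGON]
        # Sliding window over the sorted failure timestamps: size of the densest burst.
        best, start = 0, 0
        for end in range(len(failures)):
            while failures[end]["ts"] - failures[start]["ts"] > window:
                start += 1
            best = max(best, end - start + 1)
        if best < threshold:
            continue
        first_fail = failures[0]["ts"]
        logged_in = [
            r["user"] for r in rows
            if r["event"] == SUCCESSFUL_LOGON and r["ts"] > first_fail
        ]
        findings[src] = {
            "failures_in_window": best,
            "accounts_tried": sorted({r["user"] for r in failures}),
            "success_after_failures": bool(logged_in),
            "accounts_compromised": sorted(set(logged_in)),
        }
    return findings


if __name__ == "__main__":
    for src, finding in find_rdp_brute_force(SAMPLE_LOG).items():
        print(src, finding)
```

A source that is flagged with `success_after_failures` set is the case to treat as an incident rather than noise: the account it landed on is the one to reset, and the PoS hosts it could reach are the ones to check for Backoff's indicators.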

'Tip of the Iceberg'

In its latest advisory, DHS recommends that businesses that believe they might have been affected by Backoff should contact their PoS providers, anti-virus vendors and IT service partners and ask for an assessment of any compromises or vulnerabilities. Companies should also contact their local Secret Service field office to report any possible incidents.

At the time DHS and its partners analyzed the samples, the Backoff variants had low to zero detection rates with anti-virus products, so even fully updated anti-virus software would not have flagged them.

"Now that the IoCs are out there, anti-virus vendors can create signatures to flag the malware and forensic pros know what to look for, I predict many more businesses will find themselves infected," Sigler said in a Trustwave blog post. "This is just the tip of the iceberg, but only time will tell how far this reaches."

Sigler told us the increased public awareness of the threat will now make it possible to "be able to minimize the damage."

"Hopefully, we'll be able to catch the criminals behind it," he said. "I'm glad the awareness is out there and it's helping people to find and eradicate this."

Ed.:
Posted: 2014-08-25 @ 2:12pm PT
Here's a direct link to the DHS advisory:
https://www.us-cert.gov/ncas/alerts/TA14-212A

Test Lab:
Posted: 2014-08-25 @ 1:25pm PT
no link to the advisory

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.