Backoff Malware Hits 1,000+ Businesses, Likely More
By Shirley Siluk / Enterprise Security Today
Published: August 25, 2014

More than 1,000 businesses across the U.S. might have been affected by a new kind of point-of-sale (PoS) malware, according to an Aug. 22 advisory from the U.S. Department of Homeland Security. The "Backoff" malware has been widely reported to be the same one responsible for last year's major IT security breach at Target, and DHS also believes it to be behind a more recent hacking incident at The UPS Store chain.

Backoff takes advantage of applications that let remote users connect with a company's in-house computer networks. Hackers have been using the malware to log into businesses' PoS systems, which are used to process sales, and access payment information.

DHS first identified Backoff in October 2013, and has discovered several other variants since then, the most recent one being found in May of this year. Since its investigation began, the agency says it has confirmed that seven PoS vendors or providers with more than 1,000 business customers have been affected by the malware.

The DHS has been conducting its investigation with the help of the National Cybersecurity and Communications Integration Center; the U.S. Secret Service; the Financial Services Information Sharing and Analysis Center; and Trustwave, a Chicago-based cyber-security company.

'We'll Probably See More'

Karl Sigler, Trustwave's manager of threat security, told us it wasn't surprising that more likely victims of the malware have been found since the DHS's last warning was issued in August. Once Backoff's telltale signs -- called "indicators of compromise" (IoCs) -- were made public, investigators expected to hear reports of security breaches from many other organizations, he said.

"We'll probably still see more," Sigler added.

While investigators continue working to identify and apprehend the criminal or criminals behind Backoff, businesses can take security measures to reduce their chances of malware attacks. Sigler recommended that companies follow cyber security best practices such as using strong passwords -- or better yet, passphrases like "MyD0gLikesPizza" that are "easier to remember, and lengthy."

Other proactive security measures businesses can take include monitoring for unusual network traffic and changing the default ports used by their remote access software, Sigler said.

'Tip of the Iceberg'

In its latest advisory, DHS recommends that businesses that believe they might have been affected by Backoff should contact their PoS providers, anti-virus vendors and IT service partners and ask for an assessment of any compromises or vulnerabilities. Companies should also contact their local Secret Service field office to report any possible incidents.

Because Backoff wasn't identified until fairly recently, its presence was not detected by even the most up-to-date anti-virus software.

"Now that the IoCs are out there, anti-virus vendors can create signatures to flag the malware and forensic pros know what to look for, I predict many more businesses will find themselves infected," Sigler said in a Trustwave blog post. "This is just the tip of the iceberg, but only time will tell how far this reaches."

Sigler told us the increased public awareness of the threat will now make it possible to "minimize the damage."

"Hopefully, we'll be able to catch the criminals behind it," he said. "I'm glad the awareness is out there and it's helping people to find and eradicate this."

Tell Us What You Think

Ed.:
Posted: 2014-08-25 @ 2:12pm PT
Here's a direct link to the DHS advisory:
https://www.us-cert.gov/ncas/alerts/TA14-212A

Test Lab:
Posted: 2014-08-25 @ 1:25pm PT
no link to the advisory

© Copyright 2014 NewsFactor Network, Inc. All rights reserved. Member of Accuserve Ad Network.