US warns of 'Backoff,' latest entry into POS malware market

US Homeland Security has warned businesses to stay on their guard against a newly-detected strain of point-of-sale malware.
Written by Charlie Osborne, Contributing Writer
Credit: CNET

The US Department of Homeland Security has issued an advisory alerting businesses to the existence of Backoff, a new kind of point-of-sale malware which infiltrates retailer computer systems.

The alert, issued on Thursday (.PDF), states that Backoff has been spotted three times in forensic investigations since late 2013 and continues to operate today. The U.S. Computer Emergency Readiness Team said Backoff goes "largely undetected" by most kinds of standard anti-virus software, with detection rates ranging from low to zero.

Backoff is a point-of-sale malware family whose variants share four core capabilities: scraping memory for track data, keystroke logging, Command and Control (C&C) server communication, and the injection of malicious stubs into explorer.exe. Once a hacker infiltrates a network through remote desktop software and brute-force attacks, the malware uses these capabilities to steal credit card data from the temporary memory of infected computers, send it to the C&C server and eventually into the hands of cybercriminals.
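The initial access described above is password guessing against exposed remote desktop services. The following detection logic is an added example, not code from the advisory or the article: it assumes Windows Security events reduced to a constructed tuple form (timestamp, event ID, logon type, source IP, username), where event 4625 is a failed logon, 4624 a successful one, and logon type 10 is RemoteInteractive (RDP), and flags sources that exceed a failure threshold and then log in.

```python
"""Flag RDP password guessing that ends in a successful logon."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not real log data); format is
# (timestamp, event_id, logon_type, source_ip, username).
SAMPLE_EVENTS = [
    ("2014-07-31 02:00:01", 4625, 10, "203.0.113.7", "admin"),
    ("2014-07-31 02:00:02", 4625, 10, "203.0.113.7", "administrator"),
    ("2014-07-31 02:00:04", 4625, 10, "203.0.113.7", "pos"),
    ("2014-07-31 02:00:05", 4625, 10, "203.0.113.7", "posadmin"),
    ("2014-07-31 02:00:07", 4625, 10, "203.0.113.7", "backup"),
    ("2014-07-31 02:00:09", 4625, 10, "203.0.113.7", "posadmin"),
    ("2014-07-31 02:00:12", 4624, 10, "203.0.113.7", "posadmin"),
    # A legitimate operator who mistyped once: one failure, then success.
    ("2014-07-31 08:15:00", 4625, 10, "198.51.100.2", "jsmith"),
    ("2014-07-31 08:15:20", 4624, 10, "198.51.100.2", "jsmith"),
    # Console logon (type 2) is out of scope for this check.
    ("2014-07-31 09:00:00", 4624, 2, "127.0.0.1", "jsmith"),
]


def find_rdp_bruteforce(events, threshold=5, window=timedelta(minutes=10)):
    """Return {source_ip: (recent_failures, username)} for every source that
    produced at least `threshold` failed RDP logons within `window` before a
    successful RDP logon. Events are processed in timestamp order."""
    failures = defaultdict(list)  # source_ip -> timestamps of failed logons
    hits = {}
    for ts, event_id, logon_type, src_ip, user in sorted(events):
        if logon_type != 10:          # only RemoteInteractive (RDP) logons
            continue
        t = datetime.strptime(ts, "%Y-%m-%d %H:%M:%S")
        if event_id == 4625:
            failures[src_ip].append(t)
        elif event_id == 4624:
            recent = [f for f in failures[src_ip] if t - f <= window]
            if len(recent) >= threshold:
                hits[src_ip] = (len(recent), user)
    return hits


if __name__ == "__main__":
    for ip, (count, user) in find_rdp_bruteforce(SAMPLE_EVENTS).items():
        print(f"ALERT {ip}: {count} failed RDP logons then success as {user}")
```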

The DHS' 10-page advisory says that such point-of-sale malware can not only place businesses and their reputations at risk, but also could expose sensitive data including customer names, addresses, credit card numbers and phone numbers, which can then be used in identity theft or fraudulent purchases.

Joe Schumacher, security consultant at security and risk management consulting company Neohapsis commented:

"For limiting the risk of compromise with this malware, organizations should educate employees and provide an approved method for remote access. Companies should also perform network scans to see if systems have specific ports enabled to provide the remote access services, then follow up to turn off the service.

If a small organization must rely on a third party for remote access services then trust within the industry should be examined along with security features that can be enabled for protection."

The notice comes as well-known retailers, including Target and Neiman Marcus Group, have fallen foul of data breaches, resulting in the theft of millions of credit card records.
