August 2, 2014
Homeland Security Warns Of New ‘Backoff’ Point-Of-Sale Malware
redOrbit Staff & Wire Reports - Your Universe Onlinereport issued Thursday, the DHS said the hackers force their way into administrator-level or restricted-access accounts through remote desktop software such as those offered by Microsoft, Apple and Google. Once they gain access, they then deploy the point-of-sale (PoS) malware program known as Backoff to extract consumer payment information using an encrypted POST request.
The DHS describes Backoff as a family of PoS malware that has been linked to at least three separate cyberattacks, according to CIO Today’s Shirley Siluk. It was first detected in October 2013, and several new versions have been identified since then. Furthermore, some variants of the malware are said to be largely undetectable by standard antivirus programs.
“It's completely new malware. Nobody has seen it before,” Karl Sigler, manager of threat Relevant Products/Services security at Chicago-based computer security firm Trustwave (which assisted in the preparation of the report), told Siluk. Despite the previous difficulties in detecting Backoff, however, Sigler and her colleagues believe that the public release of the report could help antivirus companies develop new ways to protect against the threat.
According to Charlie Osborne of ZDNet.com, the 10-page document says that Backoff could not only harm businesses, but could also allow sensitive information such as customer names, addresses and credit card numbers to fall into the wrong hands – allowing hackers to use the information to make fraudulent purchases or commit identify theft.
“For limiting the risk of compromise with this malware, organizations should educate employees and provide an approved method for remote access. Companies should also perform network scans to see if systems have specific ports enabled to provide the remote access services, then follow up to turn off the service,” Joe Schumacher, security consultant at security and risk management consulting company Neohapsis, told Osborne.
Nicole Perlroth of the New York Times added that the report “provides insight into what retailers are up against as hackers find ways into computer networks without tripping security systems,” and should also serve as “a reminder that a typical network is more a sprawl of loosely connected computers than a walled fortress, providing plenty of vulnerabilities – and easily duped humans – for determined hackers.”
Perlroth added that Backoff and its variants perform four different functions: they scrape the memory of in-store payment systems to obtain data from credit and debit cards (including account numbers, expiration dates and PIN numbers); they log keystrokes, such as when customers manually enter PINs, and transmits it back to the source computer; it installs a backdoor into in-store payment machines; and it continually alters the program in order to add new functions or keep it from being detected by cybersecurity experts.
The DHS does not report the victims of the attack, citing the agency’s policy of not commenting on ongoing investigations. However, the New York Times reported that two individuals with knowledge of the investigations said that over a dozen retailers had been affected, including Target, PF Chang’s, Neiman Marcus, Michaels, Sally Beauty Supply and Goodwill Industries International, which was attacked just last month.