- Daily Zen
The United States Computer Emergency Readiness Team warned retailers Thursday about a family of malware that allows hackers to access computer networks and steal customer data.
The newly discovered malware, dubbed “Backoff,” was used for a number of attacks on retailers, analysts found during three forensic investigations of point-of-sale breaches and it was almost never detected by standard anti-virus software.
The Department of Homeland Security’s security bulletin said the malware was found to have infiltrated computer networks through the commonly used remote tools that permit people to access business networks from home or outside. These include Apple Remote Desktop, Microsoft’s Remote Desktop, Chrome Remote Desktop and others.
“Once these applications are located, the suspects attempted to brute force the login feature of the remote desktop solution,” the DHS bulletin said. “After gaining access to what was often administrator or privileged access accounts, the suspects were then able to deploy the point-of-sale (PoS) malware and subsequently infiltrate consumer payment data.”
Hackers used it to recover customer’s credit card information through various retailers’ Point of Sale (PoS) systems, the Homeland Security report said without naming the retailers affected. However, the New York Times reported that they include Neiman Marcus, Target, Sally Beauty Supply, P.F. Chang’s and Goodwill Industries International.
The security experts and the government said that they have found evidence of hackers using this malware beginning October 2013, and continuing to the present. The DHS Computer Emergency Readiness Team said retailers should step up defences against the new tool.
The report said most anti-virus programs have been incapable of identifying or blocking the malicious software introduced by the hackers. But with the release of technical information, security companies should be able to amend their programs.
The malware can allow the hackers to scrape data from memory and in some cases use a keylogger to gain access to passwords, control communications and to insert malicious code into explorer.exe.
The DHS said the breaches can affect both the businesses and consumer by exposing customer details such as names, credit and debit card numbers, contact numbers, and e-mail addresses to criminal elements, who can use them to make illegal purchases or risk compromise of bank accounts.
In the meantime, the DHS report also suggested certain strategies to help prevent attacks by malwares. They include, using strong passwords, requiring two-factor authentication and to closely monitor network activity especially while accessing payment process networks, configure a remote desktop client to lock user accounts in case of many unsuccessful log-in attempts and to ensure operating systems are up to date, with the latest antivirus software available.