U.S. Warns Retailers On The New ‘Backoff’ Malware Striking Sales Systems

The United States Computer Emergency Readiness Team warned retailers Thursday about a family of malware that allows hackers to access computer networks and steal customer data.

The newly discovered malware, dubbed “Backoff,” was used in a number of attacks on retailers, analysts found during three forensic investigations of point-of-sale breaches, and it was almost never detected by standard anti-virus software.

The Department of Homeland Security’s security bulletin said the malware was found to have infiltrated computer networks through the commonly used remote tools that permit people to access business networks from home or outside. These include Apple Remote Desktop, Microsoft’s Remote Desktop, Chrome Remote Desktop and others.

“Once these applications are located, the suspects attempted to brute force the login feature of the remote desktop solution,” the DHS bulletin said. “After gaining access to what was often administrator or privileged access accounts, the suspects were then able to deploy the point-of-sale (PoS) malware and subsequently infiltrate consumer payment data.”

Hackers used the malware to recover customers’ credit card information through various retailers’ point-of-sale (PoS) systems, the Homeland Security report said, without naming the retailers affected. However, the New York Times reported that they include Neiman Marcus, Target, Sally Beauty Supply, P.F. Chang’s and Goodwill Industries International.

The security experts and the government said that they have found evidence of hackers using this malware beginning October 2013, and continuing to the present. The DHS Computer Emergency Readiness Team said retailers should step up defences against the new tool.

The report said most anti-virus programs have been incapable of identifying or blocking the malicious software introduced by the hackers. But with the release of technical information, security companies should be able to amend their programs.

The malware can scrape data from memory, in some cases use a keylogger to gain access to passwords, control communications, and insert malicious code into explorer.exe.

The DHS said the breaches can affect both businesses and consumers by exposing customer details such as names, credit and debit card numbers, contact numbers, and e-mail addresses to criminal elements, who can use them to make illegal purchases or put bank accounts at risk of compromise.

In the meantime, the DHS report also suggested certain strategies to help prevent malware attacks. They include using strong passwords, requiring two-factor authentication, closely monitoring network activity, especially when accessing payment processing networks, configuring remote desktop clients to lock user accounts after many unsuccessful log-in attempts, and ensuring operating systems are up to date, with the latest antivirus software available.
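The pattern the bulletin describes, repeated failed remote desktop logins followed by a successful one, is something the recommended monitoring can look for. The following is an added example, not code from DHS or this article; it assumes a simplified, constructed log format built around Windows Security event IDs 4625 (failed logon) and 4624 (successful logon) with logon type 10 (remote desktop), and the function name and thresholds are illustrative.

```python
from collections import defaultdict, deque
from datetime import datetime

# Constructed sample records (not from any real incident). Fields:
# ISO timestamp, Windows Security event ID, logon type, account, source address.
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive (RDP).
SAMPLE_LOG = """\
2014-07-31T02:10:01 4625 10 administrator 203.0.113.7
2014-07-31T02:10:03 4625 10 administrator 203.0.113.7
2014-07-31T02:10:05 4625 10 admin 203.0.113.7
2014-07-31T02:10:08 4625 10 pos_admin 203.0.113.7
2014-07-31T02:10:11 4625 10 administrator 203.0.113.7
2014-07-31T02:10:15 4624 10 administrator 203.0.113.7
2014-07-31T09:00:00 4625 10 jsmith 198.51.100.20
2014-07-31T09:00:20 4624 10 jsmith 198.51.100.20
2014-07-31T09:05:00 4624 2 cashier1 -
"""

def find_bruteforce_then_success(log_text, threshold=5, window_seconds=600):
    """Return (source, account, failures) for each RDP success that follows at
    least `threshold` failed RDP logons from the same source within the window."""
    failures = defaultdict(deque)  # source -> timestamps of recent failed RDP logons
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue  # skip malformed lines
        ts, event_id, logon_type, account, source = parts
        if logon_type != "10":
            continue  # only remote desktop logons are of interest here
        when = datetime.fromisoformat(ts)
        recent = failures[source]
        # Drop failures that have aged out of the sliding window.
        while recent and (when - recent[0]).total_seconds() > window_seconds:
            recent.popleft()
        if event_id == "4625":
            recent.append(when)
        elif event_id == "4624":
            if len(recent) >= threshold:
                alerts.append((source, account, len(recent)))
            recent.clear()  # a success resets the count for this source
    return alerts

if __name__ == "__main__":
    for source, account, count in find_bruteforce_then_success(SAMPLE_LOG):
        print(f"ALERT: {count} failed RDP logons from {source}, then success as {account}")
```

An account lockout threshold set below the number of guesses shown here would stop the sequence before the successful logon, which is why the report pairs lockout with monitoring.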

Carrie Ann
Carrie Ann is Editor-in-Chief at Industry Leaders Magazine, based in Las Vegas. Carrie covers technology, trends, marketing, brands, productivity, and leadership. When she isn’t writing she prefers reading. She loves reading books and articles on business, economics, corporate law, luxury products, artificial intelligence, and latest technology. She’s keen on political discussions and shares an undying passion for gadgets.
