Backoff malware affects thousands of POS systems

August 25, 2014 Arctic Wolf Networks

A new malware warning has been issued by the National Cybersecurity and Communications Integration Center (NCCIC) and the U.S. Secret Service, alerting businesses to the reemergence of the Backoff malware that wrought havoc on Target last year.

Cybercriminals use the Backoff malware to target point-of-sale (POS) systems and remotely access the credit card data stored on them. If left undetected, the malware can perform a variety of malicious actions, including keylogging, scraping the system for payment card data and reporting its findings back to command and control servers. Backoff has also been known to install backup copies of itself that automatically reinfect a system if the running copy is somehow deleted or stopped.

An estimate by the Secret Service suggests over 1,000 businesses in the U.S. have been affected by the malware, and the Department of Homeland Security believes that many more victims have likely been infected and aren't aware of it yet. According to the NCCIC, Backoff is especially dangerous because it is extremely hard to detect with traditional antivirus software.

"At the time of discovery and analysis, the malware variants had low to zero percent antivirus detection rates, which means that fully updated antivirus engines on fully patched computers could not identify the malware as malicious," read a statement by the NCCIC.

Seven POS system vendors have reported multiple customers infected with the malware. While the NCCIC has yet to publish the names of the businesses affected, some have voluntarily come forward, including UPS and the Supervalu grocery chain.

When traditional antivirus software fails to detect malware, companies should consider implementing security information and event management (SIEM) services. Concierge SIEM services monitor network activity around the clock to identify any suspicious or anomalous behavior. This activity is then analyzed and used to create actionable defense information to protect enterprise systems.
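The kind of network monitoring described above can be illustrated with a small detector. The following is an added example, not code from Arctic Wolf, the NCCIC or the Secret Service alert: it parses constructed proxy/firewall log lines (format assumed as "timestamp source destination bytes") and applies two rules a SIEM might run against POS hosts, which should only ever talk to a short list of approved endpoints. Rule one flags any destination outside an assumed egress allowlist; rule two flags (source, destination) pairs whose connection intervals are nearly constant, the periodic check-in pattern of malware reporting to a command and control server. The host names, allowlist and addresses (documentation ranges 203.0.113.0/24 and 192.0.2.0/24) are all made up for the example and are not Backoff indicators.

```python
import re
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log: timestamp, source host, destination, bytes sent.
# pos-lane-03 checks in with an outside host every five minutes; pos-lane-07
# behaves normally apart from one connection to an unapproved destination.
SAMPLE_LOG = """\
2014-08-20T10:00:00 pos-lane-03 203.0.113.10:80 1423
2014-08-20T10:00:01 pos-lane-03 10.0.5.20:443 812
2014-08-20T10:05:00 pos-lane-03 203.0.113.10:80 1398
2014-08-20T10:10:00 pos-lane-03 203.0.113.10:80 1450
2014-08-20T10:15:00 pos-lane-03 203.0.113.10:80 1411
2014-08-20T10:20:00 pos-lane-03 203.0.113.10:80 1402
2014-08-20T10:02:13 pos-lane-07 10.0.5.20:443 790
2014-08-20T10:37:41 pos-lane-07 10.0.5.21:443 1201
2014-08-20T11:03:05 pos-lane-07 10.0.5.20:443 840
2014-08-20T11:09:55 pos-lane-07 192.0.2.44:443 2200
"""

# Assumed egress allowlist for POS hosts (e.g. the payment processor gateway
# and an internal update server); anything else is suspicious by policy.
ALLOWLIST = {"10.0.5.20:443", "10.0.5.21:443"}

LINE_RE = re.compile(r"^(\S+)\s+(\S+)\s+(\S+)\s+(\d+)$")


def parse_log(text):
    """Parse 'timestamp src dst bytes' lines into (datetime, src, dst, bytes) tuples."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of aborting the whole run
        ts, src, dst, nbytes = m.groups()
        events.append((datetime.fromisoformat(ts), src, dst, int(nbytes)))
    return events


def find_unapproved_destinations(events, allowlist):
    """Rule 1: report each (src, dst) pair that reaches a destination outside the allowlist."""
    seen = set()
    findings = []
    for _, src, dst, _ in events:
        if dst not in allowlist and (src, dst) not in seen:
            seen.add((src, dst))
            findings.append({"rule": "unapproved_destination", "src": src, "dst": dst})
    return findings


def find_beacons(events, min_events=4, max_cv=0.10):
    """Rule 2: report (src, dst) pairs whose inter-connection gaps are near-constant.

    Regularity is measured as the coefficient of variation (stdev / mean) of the
    gaps; a value at or below max_cv with at least min_events connections is
    treated as periodic check-in behaviour.
    """
    by_pair = defaultdict(list)
    for ts, src, dst, _ in events:
        by_pair[(src, dst)].append(ts)
    findings = []
    for (src, dst), stamps in sorted(by_pair.items()):
        if len(stamps) < min_events:
            continue
        stamps.sort()
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg <= 0:
            continue  # duplicate timestamps; nothing meaningful to measure
        if pstdev(gaps) / avg <= max_cv:
            findings.append({"rule": "periodic_beacon", "src": src, "dst": dst,
                             "interval_s": round(avg), "events": len(stamps)})
    return findings


def analyze(text, allowlist, **beacon_opts):
    """Run both rules over a log and return the combined list of findings."""
    events = parse_log(text)
    return find_unapproved_destinations(events, allowlist) + find_beacons(events, **beacon_opts)


if __name__ == "__main__":
    for finding in analyze(SAMPLE_LOG, ALLOWLIST):
        print(finding)
```

In a real deployment the allowlist would come from the POS egress policy and the thresholds would be tuned against a baseline of normal lane traffic; legitimate software also polls on a schedule, so a periodic-beacon hit is a lead for an analyst to confirm against the allowlist and the destination's reputation rather than a verdict on its own.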
