News Feature | September 10, 2014

DHS Updates Backoff Malware Warning

By Christine Kern, contributing writer

The United States Computer Emergency Readiness Team (US-CERT) has updated its warning on the Backoff point of sale (POS) malware. The new release states, “Over the past year, the Secret Service has responded to network intrusions at numerous businesses throughout the United States that have been impacted by the ‘Backoff’ malware. Seven POS system providers/vendors have confirmed that they have had multiple clients affected. Reporting continues on additional compromised locations, involving private sector entities of all sizes, and the Secret Service currently estimates that over 1,000 U.S. businesses are affected.”

The Department of Homeland Security (DHS) says Backoff is POS malware that exploits “businesses’ administrator accounts remotely” and exfiltrates “consumer payment data.” The department says the malware was released last October but was undetectable by anti-malware software at the time. It’s believed to have infected more than 1,000 US businesses, and DHS is urging firms to check for infection.

According to the US-CERT warning, “Recent investigations revealed that malicious actors are using publicly available tools to locate businesses that use remote desktop applications. Remote desktop solutions like Microsoft's Remote Desktop, Apple Remote Desktop, Chrome Remote Desktop, Splashtop 2, and LogMeIn offer the ability to connect to a computer from a remote location. Once these applications are located, the suspects attempted to brute force the login feature of the remote desktop solution. After gaining access to what was often administrator or privileged access accounts, the suspects were then able to deploy the POS malware and subsequently exfiltrate consumer payment data via an encrypted POST request.”
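The intrusion chain quoted above begins with password guessing against an exposed remote desktop login, and that stage leaves a clear trace in the Windows Security log. The script below is an added example, not part of the article or of the US-CERT alert, showing the defender-side check a POS operator could run: it groups Remote Desktop logon events by source address and flags any source that produces a burst of failed logons, escalating the alert if the same source then logs on successfully. The event IDs 4625 (failed logon) and 4624 (successful logon) and logon type 10 (RemoteInteractive, i.e. RDP) are the real Windows values; the log records, the thresholds, and the function names are constructed for this example.

```python
"""Flag remote-desktop brute-force activity in Windows Security logon events.

Added example (not from the DHS/US-CERT alert or the article). Event IDs 4625
and 4624 and logon type 10 are real Windows values; the records, thresholds
and function names below are constructed assumptions for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, event_id, logon_type, source_ip, account)
SAMPLE_EVENTS = [
    ("2014-09-10T02:00:05", 4625, 10, "203.0.113.7", "administrator"),
    ("2014-09-10T02:00:09", 4625, 10, "203.0.113.7", "admin"),
    ("2014-09-10T02:00:14", 4625, 10, "203.0.113.7", "pos"),
    ("2014-09-10T02:00:20", 4625, 10, "203.0.113.7", "administrator"),
    ("2014-09-10T02:00:27", 4625, 10, "203.0.113.7", "administrator"),
    ("2014-09-10T02:00:33", 4625, 10, "203.0.113.7", "administrator"),
    ("2014-09-10T02:01:02", 4624, 10, "203.0.113.7", "administrator"),  # guess succeeded
    ("2014-09-10T02:05:00", 4625, 3, "203.0.113.7", "backup"),          # network logon, not RDP
    ("2014-09-10T03:10:00", 4625, 10, "198.51.100.4", "manager"),
    ("2014-09-10T03:40:00", 4625, 10, "198.51.100.4", "manager"),       # 30 min apart: no burst
    ("2014-09-10T09:00:00", 4624, 10, "192.0.2.10", "store-admin"),     # single legitimate logon
]

RDP_LOGON_TYPE = 10   # RemoteInteractive
EVT_FAILED = 4625
EVT_SUCCESS = 4624


def parse_event(record):
    """Turn one sample tuple into (datetime, event_id, logon_type, source_ip, account)."""
    ts, event_id, logon_type, src, account = record
    return datetime.fromisoformat(ts), event_id, logon_type, src, account


def detect_bruteforce(events, fail_threshold=5, window=timedelta(minutes=10)):
    """Return one alert per source IP that produced >= fail_threshold failed RDP
    logons inside any `window`-long span. If that source later logged on
    successfully, the alert records the account and is rated high."""
    by_source = defaultdict(list)
    for ts, event_id, logon_type, src, account in sorted(map(parse_event, events)):
        if logon_type != RDP_LOGON_TYPE:        # ignore non-RDP logons entirely
            continue
        by_source[src].append((ts, event_id, account))

    alerts = []
    for src, evs in by_source.items():
        failures = [(ts, acct) for ts, eid, acct in evs if eid == EVT_FAILED]
        # Sliding window over failure timestamps: find the densest run.
        best, best_end, start = 0, -1, 0
        for i, (ts, _) in enumerate(failures):
            while ts - failures[start][0] > window:
                start += 1
            count = i - start + 1
            if count > best:
                best, best_end = count, i
        if best < fail_threshold:
            continue
        run = failures[best_end - best + 1 : best_end + 1]
        run_start, run_end = run[0][0], run[-1][0]
        # A successful RDP logon from the same source after the run began is
        # the signal that the guessing worked.
        succeeded_as = next(
            (acct for ts, eid, acct in evs if eid == EVT_SUCCESS and ts >= run_start), None
        )
        alerts.append({
            "source_ip": src,
            "failures": best,
            "accounts_tried": sorted({acct for _, acct in run}),
            "window_start": run_start.isoformat(),
            "window_end": run_end.isoformat(),
            "succeeded_as": succeeded_as,
            "severity": "high" if succeeded_as else "medium",
        })
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_EVENTS):
        print(alert)
```

In a real deployment the tuples would come from the Security event log (for example via `Get-WinEvent` exported to CSV) rather than the constructed list, and the threshold and window should be tuned to the site's normal RDP usage; a source that trips the rule and then succeeds is exactly the precursor the alert describes for a Backoff deployment and warrants an immediate look at what that account did next.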

Backoff “represents a very real threat to the security of cardholder data in all organizations,” wrote the PCI Security Standards Council, an organization founded by MasterCard, Visa, American Express and other card companies.

“The Secret Service is active in contacting impacted businesses, as they are identified, and continues to work with and support those businesses that have been impacted by this (Backoff) malware,” DHS said in a statement.

In recent days, Dairy Queen, The Home Depot, and UPS Stores launched investigations into potential breaches involving the malware — the same used against Target last year.