'Malicious actors' are using a new variety of malware to access consumer payment data
remotely through point-of-sale (PoS) systems, according to a new report released Thursday by the U.S. Department of Homeland Security (DHS).
The "Backoff" malware takes advantage of applications like Microsoft's Remote Desktop and Apple Remote Desktop that let remote users -- telecommuting employees or independent contractors, for example -- connect with a company's in-house computer network. Hackers are employing the malware to connect with PoS systems operated by retailers and other businesses, then using brute force to log into those systems remotely.
"At the time of discovery and analysis, the malware variants had low to zero percent anti-virus detection rates, which means that fully updated anti-virus engines on fully patched computers could not identify the malware as malicious," said the DHS report, which was prepared with the help of the National Cybersecurity and Communications Integration Center; the U.S. Secret Service; the Financial Services Information Sharing and Analysis Center; and Trustwave, a Chicago-based cyber -security company.
Malware Criminals Not 'Sitting Still'
The first variants of the Backoff malware were detected in October 2013, and several new versions have been identified since then, according to the DHS report. The malware has been connected to at least three separate cyberattacks, although the agency did not identify the organizations that were affected.
We reached out to Karl Sigler, manager of threat security at Trustwave, to learn more about Backoff and what organizations can do to protect themselves from such malware attacks.
"It's completely new malware," Sigler told us. "Nobody has seen it before."
In addition to being difficult to detect, new variations of Backoff have continued to emerge, the most recent one being identified in May.
"The criminals out there don't sit still," Sigler said.
Constant Vigilance, Best Practices
While Backoff attacks up until now have been all but undetectable, with the public release of the DHS report and details about the malware's "indicators of compromise," anti-virus software companies are "no doubt" now working to develop protection against the new threat, Sigler said.
In the meantime, he added, retailers and other businesses that want to protect themselves from attacks should be sure to follow the best practices that are regularly recommended by cyber security professionals: use strong passwords, take advantage of two-factor authentication and closely monitor network activity to watch for unusual traffic patterns or strange IP addresses.
Consumers should take similar precautions, said Thomas Holt, associate professor with the School of Criminal Justice at Michigan State University. They should use a secure home computer to, for example, regularly check their bank and payment statements to spot problems as soon as possible.
Continual vigilance is the best defense, Sigler said. Retailers and other businesses, whether they're large or small, can't simply assume that vendor-provided PoS systems automatically provide state-of-the-art security.
"Generally, security takes a back seat" in such systems, Sigler said.