Malware Gains Access to Credit Card Data at Over 1000 Businesses

Have you checked your credit or debit card lately? You may have been a victim of theft.

The United States government warned last week that more than 1,000 businesses, including UPS, Target and Supervalu, have already been infected with malware that targets point-of-sale (PoS) systems and steals credit and debit card information.

Named Backoff after a term used in the malware’s code, it initially made its way through retailers in October of last year and evaded detection by antivirus software. The malware was first written about by the US Computer Emergency Readiness Team (US-CERT), the Secret Service, and the National Cybersecurity and Communications Integration Center (NCCIC) in July, and their report was updated last week.


Security experts stated that the Backoff infiltrators first scanned the Internet to locate possible victims by finding installations of the remote desktop software regularly used by service providers to manage the PoS systems of their retail clients. The advisory noted that the attackers sought out remote desktop solutions, such as Microsoft’s Remote Desktop, Apple’s Remote Desktop, Chrome Remote Desktop and others, and then used a so-called “digital sledgehammer” to break into the system by trying various common passwords.
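A defender's view of the entry vector described above, as an added example that is not part of the original article or the advisory: a Python sketch that flags a burst of failed remote logons from one source followed by a success. Event IDs 4625 and 4624 and logon types 3 and 10 are the standard Windows Security log values; the CSV layout, addresses, account names and thresholds are constructed for illustration.

```python
import csv
from collections import defaultdict
from datetime import datetime, timedelta
from io import StringIO

# Constructed sample: time, event ID, logon type, source IP, account.
# 4625 = failed logon, 4624 = successful logon; type 10 = RemoteInteractive (RDP),
# type 3 = network logon (how RDP failures appear when NLA is enabled).
SAMPLE_LOG = """\
2014-08-20T02:14:01,4625,10,203.0.113.7,administrator
2014-08-20T02:14:03,4625,10,203.0.113.7,admin
2014-08-20T02:14:05,4625,10,203.0.113.7,pos
2014-08-20T02:14:08,4625,3,203.0.113.7,pos1
2014-08-20T02:14:11,4625,10,203.0.113.7,manager
2014-08-20T02:14:15,4624,10,203.0.113.7,manager
2014-08-20T09:00:12,4625,10,198.51.100.20,vendor
2014-08-20T09:00:40,4624,10,198.51.100.20,vendor
"""

RDP_LOGON_TYPES = {"3", "10"}

def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=10)):
    """Report each source IP with >= threshold failed remote logons inside
    the window, and the account (if any) that logged on after the burst."""
    failures, successes = defaultdict(list), defaultdict(list)
    for ts, event_id, logon_type, src, account in csv.reader(StringIO(log_text)):
        if logon_type not in RDP_LOGON_TYPES:
            continue
        when = datetime.fromisoformat(ts)
        if event_id == "4625":
            failures[src].append((when, account))
        elif event_id == "4624":
            successes[src].append((when, account))
    findings = []
    for src, fails in failures.items():
        fails.sort()
        for i in range(len(fails) - threshold + 1):
            burst_end = fails[i + threshold - 1][0]
            if burst_end - fails[i][0] <= window:
                hit = next((a for t, a in sorted(successes[src]) if t >= burst_end), None)
                findings.append({"source": src, "failed": len(fails),
                                 "accounts_tried": sorted({a for _, a in fails}),
                                 "success_after_burst": hit})
                break
    return findings

if __name__ == "__main__":
    for finding in detect_rdp_bruteforce(SAMPLE_LOG):
        print(finding)
```

A finding with a non-empty `success_after_burst` is the case to escalate: a guessed password worked, so the account and the host it reached should be treated as compromised.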

“Over the past year, the Secret Service has responded to network intrusions at numerous businesses throughout the United States that have been impacted by the ‘Backoff’ malware,” the advisory stated. “Seven PoS system providers/vendors have confirmed that they have had multiple clients affected. Reporting continues on additional compromised locations, involving private sector entities of all sizes.”

It is no secret that these are common methods used by cyber criminals against retailers.

UPS has already announced that its PoS systems were breached and conceded that credit and debit card data had been compromised at 51 stores between January and August of this year. Approximately 100,000 transactions were monitored by the culprits. Supervalu noted that at least 180 of its stores had been affected by the malware. Target had tens of millions of credit and debit card records compromised – the giant retailer also fell victim to malware this past Christmas, when hackers attacked around 40 million credit and debit cards.

The U.S. Secret Service is now urging retailers and customers to inform it if they have been affected.

According to Trustwave’s 2013 Global Security Report, one-third of cybercrime assaults occur on businesses that are focused on PoS systems, and 31 percent of incidents took place because attackers took advantage of weak passwords.

“In the past year, POS malware evolved substantially compared to previous years,” Trustwave stated in the report. “While parsing track data from memory and logging keystrokes on the victim’s machine is nothing new, we noted new developments in data exfiltration processes and command-and-control (C&C) functionality.”

We reported last week that JPMorgan and at least four other banks were allegedly attacked by Russian hackers. The cyber attack resulted in the theft of account information, which could later prompt the individuals to drain the accounts. Also, it was revealed that the hackers gained employee computer information and may have attacked European financial institutions, too.