Why Backoff Malware Is Such a Big Threat to Retailers

By Sean M. Kerner  |  Posted 2014-08-29

Retailers around the U.S. are on high alert, checking to see if they've been infected with Backoff, a malware family that specifically takes aim at point-of-sale (POS) systems running on Windows to steal customer credit card information. The U.S. government first warned about the dangers of Backoff in a public advisory in July, and initially 600 businesses were thought to be infected with the malware. However, that number has been revised to "over 1,000" in the latest update of the advisory. Retail attacks have been increasingly numerous over the course of the past year, with a number of high-profile breaches hitting retailers including Target, Neiman Marcus, P.F. Chang's and UPS. In the case of UPS, which only publicly disclosed that it had been attacked on Aug. 20, the breach had been undetected for months. In its disclosure, UPS does not specifically name Backoff as the culprit, though it does credit a U.S. government advisory on retail POS malware as helping it identify and contain its own data breach threat. Security vendor Trustwave is credited by the U.S Secret Service in the Backoff advisory as being a key partner under contract with the government examining the Backoff threat. In this slide show, eWEEK, with input from Karl Sigler, threat intelligence manager at Trustwave, reviews some of the key facts and recommendations about the Backoff POS malware.


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel