Why Backoff Malware Is Such a Big Threat to Retailers

1 - Why Backoff Malware Is Such a Big Threat to Retailers
2 - Backoff Has Been Active Since October 2013
3 - At Least 1,000 Businesses Across the U.S. Have Been Infected
4 - Backoff Targets Windows POS
5 - Remote Desktop Software Is the Point of Entry
6 - Java Is an Indicator of Compromise
7 - Magnetic Stripe Credit Card Data Is Easily Stolen
8 - Backoff Has Keylogging Features
9 - Backoff Communicates Credit Card Data Every 60 Seconds
10 - Proper Security Can Limit Backoff Risk
1 of 10

Why Backoff Malware Is Such a Big Threat to Retailers

by Sean Michael Kerner

2 of 10

Backoff Has Been Active Since October 2013

Although the U.S. government didn't issue a public advisory about Backoff until July, it turns out the malware has been active since October 2013.

3 of 10

At Least 1,000 Businesses Across the U.S. Have Been Infected

Initially, 600 businesses were thought to be at risk from Backoff, but that number has been revised upward to "at least" 1,000, according to US-CERT.

4 of 10

Backoff Targets Windows POS

Trustwave's Karl Sigler notes that Backoff works against any Microsoft Windows-based POS system.

5 of 10

Remote Desktop Software Is the Point of Entry

In most cases, the initial breach into a retailer's POS system is by way of some form of Remote Desktop Protocol (RDP) access.

6 of 10

Java Is an Indicator of Compromise

Sigler explained that in some cases, when the Backoff malware lands on a system, it is installed to an Oracle Java directory with an executable name of javaw.exe. He added that most POS systems typically don't need to have Java.

7 of 10

Magnetic Stripe Credit Card Data Is Easily Stolen

One of the core capabilities of Backoff is that it grabs customer credit card data taken from magnetic stripe card swipes.

8 of 10

Backoff Has Keylogging Features

Going a step beyond just card swipes, Backoff also has keylogging features. Sigler noted that even if a cashier manually enters a credit card number, that data will also be compromised.

9 of 10

Backoff Communicates Credit Card Data Every 60 Seconds

An infected Backoff system can communicate stolen data back to a command and control host every 60 seconds.

10 of 10

Proper Security Can Limit Backoff Risk

Sigler suggests that retailers have a firewall in place that monitors for communications to rogue servers. The use of strong passwords and two-factor authentication is recommended as well. Reducing the attack surface by properly securing remote desktop access can also reduce the risk.

Top White Papers and Webcasts