Retailers are advised to evaluate their systems for signs of intrusion

Aug 23, 2014 14:17 GMT

The point-of-sale (PoS) malware Backoff, leveraged in the recent intrusion on UPS systems in 51 locations across the US, is estimated to impact more than 1,000 businesses.

Backoff is a recently discovered PoS malware, which is believed to have been employed in cyber-attacks on payment systems of various retailers since at least October 2013.

The Department of Homeland Security (DHS) issued an advisory on Friday, recommending that retailers evaluate their payment systems for signs of compromise.

“DHS strongly recommends actively contacting your IT team, antivirus vendor, managed service provider, and/or point of sale system vendor to assess whether your assets may be vulnerable and/or compromised,” the advisory says.

According to the communication, seven PoS providers/vendors have so far confirmed that their clients reported network intrusions that resulted in Backoff malware being planted on the payment systems.

“Reporting continues on additional compromised locations, involving private sector entities of all sizes, and the Secret Service currently estimates that over 1,000 U.S. businesses are affected,” the DHS report says.

The Backoff PoS malware relies on a RAM-scraping technique to steal track data from the memory of the affected system.

It was first detected by researchers at Trustwave SpiderLabs, and its existence was made public in an advisory from US CERT (Computer Emergency Response Team) on July 31.

This is a different PoS malware family than the one in the Target breach, where it is believed that Kaptoxa (slang for “potato” in Russian), also known as BlackPOS, was used.