Roughly 1000 businesses in the US were badly affected by a cyber attack. The attack crippled many in-house cash register systems of retailers such as UPS, Supervalu and Target. According to a new advisory released by the Department of Homeland Security, the attacks are more serious than previously predicted. As a matter of fact, the hackers are now stealing the data they have amassed from credit and debit cards. The customers and companies do not know this.
The malware behind this cyber attack was named Backoff. It made its debut in October 2013. Backoff can scrape the memory contents of cash registers (PoS systems). Hackers use the collected data to obtain credit card details and, ultimately, steal money. Backoff is also capable of monitoring keystrokes, and it can communicate with remote servers.
This is not the first time that Backoff has struck. Last year, it affected several businesses in the United States. Currently, seven PoS system vendors have confirmed that their clients were hit by this malware.
Government agencies like the Department of Homeland Security, Communications Integration Center, the National Cybersecurity and the Secret Service warned companies on July 31 to scan their cash register machines to determine whether or not they are susceptible to the Backoff malware. Backoff has several variants, including goo, net, MAY and LAST, which couldn’t be identified by anti-virus programs until then.
The Secret Service is currently contacting different businesses to inquire about their situation and offer them aid. They are also exploring the possibilities of gaining remote access to their services. Entry points include vendors with access to payment systems. Once hackers gain a foothold, they will be free to crawl through corporate data networks until they gain access to cash registers. At the moment, payment details of millions of customers are being sold on the black market.
UPS and Supervalu are the only companies to confirm that they were hit by the virus. Other companies decided not to comment. Also, the Secret Service says that this malware has affected over 1000 American businesses. DHS advises network operators to take swift action to ensure that they are not affected.
The DHS also asked businesses to contact their IT teams, antivirus vendors, cash register system vendors, and service providers to discover whether their assets are compromised or not. It also recommended that companies reduce the number of employees and vendors with access to internal data networks, require passwords that are more difficult to guess, and lock access after several unsuccessful login attempts.
Another precautionary measure would be to segregate important systems (like cash registers) from corporate data networks. Two-factor authentication and encrypted payments could also resolve this issue.
All in all, the data breach at the Target stores is probably the worst one. It compromised the security of millions of credit cards in a few weeks. Also, Supervalu said that approximately 180 of its US stores (50 stores for UPS) have fallen victim to the malware attack.