The U.S. Department of Homeland Security issued a report Thursday warning retailers about malicious software targeting point-of-sale (PoS) systems, called “Backoff,” which it said existing anti-virus products do not detect.
Backoff can expose consumer data including names, mailing addresses, credit and debit card numbers, phone numbers and email addresses.
Recent investigations into PoS data breaches revealed that hackers are using publicly available tools to locate businesses that use remote desktop applications like Microsoft’s Remote Desktop, Apple Remote Desktop and Join.Me to connect to computer networks over an Internet connection.
The report, which Homeland Security produced with the National Cybersecurity and Communications Integration Center and the Secret Service, noted, “Once these applications are located, the suspects attempted to brute force the login feature of the remote desktop solution. After gaining access to what was often administrator or privileged access accounts, the suspects were then able to deploy the point-of-sale (PoS) malware and subsequently exfiltrate consumer payment data.”
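The remote desktop brute-force pattern the report describes leaves a recognizable trail in authentication logs. As an added example (not code from the DHS report or this article), the following Python detector flags a source that racks up repeated failed remote logons and then succeeds; it runs over constructed sample lines in a simplified format, and the use of Windows event IDs 4625/4624 with logon type 10 (RemoteInteractive, i.e. RDP) is an assumption about the log source.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines: "<timestamp> <EventID> <LogonType> <SourceIP> <Account>".
# 4625 = failed logon, 4624 = successful logon, logon type 10 = RemoteInteractive (RDP).
SAMPLE_LOG = """\
2014-07-31T02:00:01 4625 10 198.51.100.7 administrator
2014-07-31T02:00:04 4625 10 198.51.100.7 administrator
2014-07-31T02:00:09 4625 10 198.51.100.7 posadmin
2014-07-31T02:00:12 4625 10 198.51.100.7 posadmin
2014-07-31T02:00:15 4625 10 198.51.100.7 administrator
2014-07-31T02:00:20 4624 10 198.51.100.7 administrator
2014-07-31T08:15:00 4625 10 203.0.113.9 clerk
2014-07-31T08:15:30 4624 10 203.0.113.9 clerk
"""


def parse_line(line):
    """Split one simplified log line into typed fields (assumed format)."""
    ts, event_id, logon_type, src_ip, account = line.split()
    return datetime.fromisoformat(ts), int(event_id), int(logon_type), src_ip, account


def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=10)):
    """Return alerts for sources with >= threshold RDP logon failures inside
    a sliding window, and a separate alert when a success follows them."""
    failures = defaultdict(deque)  # src_ip -> timestamps of recent failures
    alerts = []
    for raw in log_text.strip().splitlines():
        ts, event_id, logon_type, src_ip, account = parse_line(raw)
        if logon_type != 10:
            continue  # only remote-desktop logons matter for this pattern
        recent = failures[src_ip]
        while recent and ts - recent[0] > window:
            recent.popleft()  # expire failures older than the window
        if event_id == 4625:
            recent.append(ts)
            if len(recent) == threshold:
                alerts.append(("bruteforce_attempt", src_ip, account, len(recent)))
        elif event_id == 4624 and len(recent) >= threshold:
            # A success right after a burst of failures is the high-priority case.
            alerts.append(("bruteforce_success", src_ip, account, len(recent)))
            recent.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_LOG):
        print(alert)
```

In production the threshold and window would be tuned per environment, and a "bruteforce_success" alert warrants immediate review of the account and host involved.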
The Backoff malware has been found in at least three separate data breach investigations, and Homeland Security said these types of attacks are on the rise. While the specific companies hit were not disclosed in the report, unnamed sources told the New York Times that more than a dozen retailers have fallen victim to this malware, including Target, Neiman Marcus and Michael’s.
According to the Times, in the Target breach, hackers tapped into the remote access granted through the retailer’s heating and cooling software.
Different variants of Backoff were identified as far back as October 2013, but the malware typically consists of four capabilities: scraping memory for track data, logging keystrokes, uploading discovered data, and downloading or executing additional malware.
“These breaches can impact a business’ brand and reputation, while consumers’ information can be used to make fraudulent purchases or risk compromise of bank accounts. It is critical to safeguard your corporate networks and web servers to prevent any unnecessary exposure to compromise or to mitigate any damage that could be occurring now,” the report noted.
While the Backoff malware had previously gone largely undetected by anti-virus software, Homeland Security said anti-virus companies will quickly begin detecting the existing variants of the malicious software.