More than 1,000 businesses have had their point-of-sale systems compromised by Backoff, a family of malware that has the ability to record input from keyboards and control the communications of the infected hardware.
Along with recording keystrokes and transmitting stolen PoS data to criminals, the Backoff family of malware can also scrape the short-term memory (RAM) of a computer and make itself very hard to remove by taking refuge in the explorer.exe process -- the Windows process that draws file folders and program windows.
The Secret Service has released an advisory warning businesses to take proactive measures against Backoff, which was detected by Homeland Security agencies roughly a year before antivirus software was upgraded with definitions that targeted the malware.
"Over the past year, the Secret Service has responded to network intrusions at numerous businesses throughout the United States that have been impacted by the 'Backoff' malware," stated the Secret Service's advisory. "Seven PoS system providers/vendors have confirmed that they have had multiple clients affected. Reporting continues on additional compromised locations, involving private sector entities of all sizes, and the Secret Service currently estimates that over 1,000 U.S. businesses are affected."
The U.S. Computer Emergency Readiness Team (US-CERT), a division of Homeland Security, warned of Backoff in late July, though there were no hard numbers indicating how widespread the malware had become. The team stated that Backoff was detected in 2013 and that hackers have been using "brute force" approaches to insert the malicious software into PoS systems that employ remote desktop clients -- some of the remote desktop applications targeted by the hackers included Microsoft's Remote Desktop, Apple Remote Desktop, Chrome Remote Desktop and LogMeIn.
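The brute-force approach against remote desktop logins that US-CERT describes leaves a trail of failed authentications from one source before any card data is ever scraped, which is the point at which a defender can still catch it. The following is an added example, not code from the article, the advisory or any vendor: a small detector that runs over constructed, simplified logon records (the `LOGON_FAILED`/`LOGON_OK` format, field names, user names and IP addresses are all made up for illustration and do not match any real event-log schema) and flags a source that produces a burst of failures within a short window, noting whether a successful logon from that same source followed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample records in a simplified, made-up format:
# <ISO timestamp> <event> user=<name> src=<ip> svc=<service>
SAMPLE_LOG = """\
2014-08-01T02:15:01 LOGON_FAILED user=admin src=203.0.113.45 svc=rdp
2014-08-01T02:15:03 LOGON_FAILED user=administrator src=203.0.113.45 svc=rdp
2014-08-01T02:15:04 LOGON_FAILED user=pos src=203.0.113.45 svc=rdp
2014-08-01T02:15:06 LOGON_FAILED user=pos1 src=203.0.113.45 svc=rdp
2014-08-01T02:15:08 LOGON_FAILED user=support src=203.0.113.45 svc=rdp
2014-08-01T02:15:09 LOGON_FAILED user=admin src=203.0.113.45 svc=rdp
2014-08-01T02:15:40 LOGON_OK user=admin src=203.0.113.45 svc=rdp
2014-08-01T09:00:00 LOGON_FAILED user=clerk src=198.51.100.7 svc=rdp
2014-08-01T09:30:00 LOGON_FAILED user=clerk src=198.51.100.7 svc=rdp
2014-08-01T09:30:05 LOGON_OK user=clerk src=198.51.100.7 svc=rdp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<event>LOGON_\w+) user=(?P<user>\S+) "
    r"src=(?P<src>\S+) svc=(?P<svc>\S+)$"
)


def parse_line(line):
    """Parse one record of the constructed format; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def detect_bruteforce(log_text, threshold=5, window=timedelta(seconds=60)):
    """Flag sources with >= `threshold` failed logons inside any `window`-long span.

    Returns {src: {"first_seen", "total_failures", "distinct_users", "success_after"}}.
    `success_after` is True when the flagged source later logged on successfully,
    the pattern that most urgently warrants a look at that host.
    """
    recent = defaultdict(deque)   # src -> timestamps of failures still inside the window
    total = defaultdict(int)      # src -> all failures seen, regardless of window
    users = defaultdict(set)      # src -> account names tried
    flagged = {}

    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ts, src = rec["ts"], rec["src"]

        if rec["event"] == "LOGON_FAILED":
            total[src] += 1
            users[src].add(rec["user"])
            q = recent[src]
            q.append(ts)
            # Drop failures that have aged out of the sliding window.
            while q and ts - q[0] > window:
                q.popleft()
            if len(q) >= threshold and src not in flagged:
                flagged[src] = {"first_seen": q[0].isoformat(), "success_after": False}

        elif rec["event"] == "LOGON_OK" and src in flagged:
            flagged[src]["success_after"] = True

    for src, entry in flagged.items():
        entry["total_failures"] = total[src]
        entry["distinct_users"] = len(users[src])
    return flagged


if __name__ == "__main__":
    for src, info in detect_bruteforce(SAMPLE_LOG).items():
        print(src, info)
```

The two slow failures from the second address are a user mistyping a password and are not flagged; the first address tries five different account names in under ten seconds and then gets in, which is the sequence a PoS operator would want paged on. Threshold and window are parameters because the right values depend on how many legitimate remote sessions a given back end normally sees.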
"The impact of a compromised PoS system can affect both the businesses and consumer by exposing customer data such as names, mailing addresses, credit/debit card numbers, phone numbers, and e-mail addresses to criminal elements," stated US-CERT. "These breaches can impact a business' brand and reputation, while consumers' information can be used to make fraudulent purchases or risk compromise of bank accounts."
Businesses are urged to contact their IT teams for evaluation, as well as their vendors of PoS hardware and antivirus software. The Secret Service says it has contacted organizations it finds to have been infected by Backoff. US-CERT says it is critical to protect the back end of retail hardware from Backoff, as the malware could make its way from the PoS system into corporate networks and web databases.
Organizations that have reason to believe their business has been compromised by Backoff have been encouraged to call the Secret Service's field office at 877-242-3375, the National Cybersecurity and Communications Integration Center at 888-282-0870 or to contact US-CERT by email.