--------
DHS first warned of Backoff in late July, when it noted the
malware was not detectable my most antivirus software.
--------
And yet in spite of that and countless other similar examples, the myth
continues that AV/AM software actually accomplishes anything useful and
is worth the millions of dollars that is spent each year on that market
segment.
====================================================================
US warns 'significant number' of major businesses hit by Backoff malware
Backoff malware is stealing credit card details, according to a
cybersecurity alert
August 22, 2014 05:48 PM ET
IDG News Service - More than 1,000 major enterprise networks and small
and medium businesses in the U.S. have been compromised by a recently
discovered malware package called Backoff and are probably unaware of
it, the U.S. Department of Homeland Security (DHS) said in a
cybersecurity alert on Friday.
Backoff first appeared in October 2013 and is capable of scraping the
memory contents of point of sales systems -- industry speak for cash
registers and other terminals used at store checkouts -- for data swiped
from credit cards, from monitoring the keyboard and logging keystrokes,
from communicating with a remote server.
"Over the past year, the Secret Service has responded to network
intrusions at numerous businesses throughout the United States that have
been impacted by the "Backoff" malware," the alert said. "Seven PoS
system providers/vendors have confirmed that they have had multiple
clients affected."
The malware is thought to be responsible for the recent data breaches at
Target, SuperValu supermarkets and UPS stores, and the Secret Service is
still learning of new infections.
DHS first warned of Backoff in late July, when it noted the malware was
not detectable my most antivirus software. That made it particularly
difficult to stop, because much of the fight against computer viruses
and malware rests on antivirus applications.
Most antivirus packages now detect Backoff, but DHS is advising network
operators take immediate action to ensure they haven't been affected.
"DHS strongly recommends actively contacting your IT team, antivirus
vendor, managed service provider, and/or point of sale system vendor to
assess whether your assets may be vulnerable and/or compromised," it
said. "The Secret Service is active in contacting impacted businesses,
as they are identified, and continues to work with and support those
businesses that have been impacted by this PoS malware."
In many cases, hackers gained access to machines through brute-force
attacks on remote log-in systems offered through companies like
Microsoft, Apple and Google and other third-party vendors. Once inside,
they were able to copy the malware to the machine and set it capturing
credit card data.
The DHS asked that instances of it are reported to a local Secret
Service field office.
The Target data breach was one of the largest in recent memory,
resulting in tens of millions of credit and debit cards being
compromised. In the last couple of weeks, SuperValu said that at least
180 of its stores had been hit by a data breach and earlier this week
UPS said 51 of it UPS Store locations had been hit.
http://www.computerworld.com/s/article/9250607/US_warns_39_significant_number_3
9_of_major_businesses_hit_by_Backoff_malware
--- NewsGate v1.0 gamma 2
* Origin: News Gate @ Net396 -Huntsville, AL - USA (1:396/4)
|