Homeland Security advises companies to scan POS systems for Backoff malware

The New York Times reported over the weekend that a POS malware package called Backoff has infiltrated over 1,000 businesses and was responsible for the breaches at Target, UPS and Supervalu. Backoff hacks into credit card processing software by guessing employees' usernames and passwords until a right combination is randomly found. The business's internal network can then be explored without being detected, gaining access to private cardholder information. The malware was not detectable by antivirus solutions until earlier this month when the Secret Service, Homeland Security and National Cybersecurity and Communications Integration Center released a statement about it to the public. 

In an advisory released on Friday, Homeland Security advised businesses to tighten security by requiring longer, more complex passwords from their employees, and also by limiting the number of external organizations allowed to access its networks. Other simple precautions can be taken that may prevent breaches, such as preventing employees from logging into accounts after a certain number of attempts and installing a two-factor identification system. 

The effects of Backoff are far more extensive than experts initially believed, and while several stores have come forward as victims of the malware, most have not revealed whether they have been affected. On Friday, security agencies urged companies to scan all systems for Backoff and immediately install the increased security measures recommended. The malware, which survived in Target's systems for weeks before being detected, has the power to damage both companies and consumers with the theft of private information. Companies are shelling out millions of dollars to stem the tide of negative press, customer compensation and security remodels that inevitably come in the wake of large-scale breaches such as the ones Backoff has been perpetrating. 

Customers should be aware that over 1,000 businesses were affected in locations across the country, so personal credit card information should be monitored carefully over the next few months as companies attempt to catch up with the malware technology at currently at work. 

Scroll to Top