Retailers: Protect against Backoff malware

Retailers: Protect against Backoff malware

By now, nearly every retailer in the physical and virtual space has heard about the cybersecurity ​woes incurred by Target after last year’s breach. The attack resulted in the compromise of millions of customers’ data which the vendor is still trying to recover from. Now, the Payment Card Industry Security Standards Council is warning other retailers to protect themselves against the malware sample responsible for Target’s breach, dubbed Backoff.

The PCI SSC issued a notification alerting vendors about the Backoff infection, and urging them to utilize a layered security approach for protection. As part of this layered security, the council recommends the deployment of PCI-approved point-of-sales devices to encrypt payment card data. In addition, retailers should also install or update anti-virus protection and change all passwords to ensure the security of their customers’ sensitive information.

Since its initial release in October 2013, a number of retailers have fallen victim to the infection, including the high-profile case of Target. According to a Department of Homeland Security report, as many as 600 vendors have been affected, many of which are small, single branch brick-and-mortar stores.

The history of attacks shows that hackers are aiming the infection at companies leveraging remote desktop applications – such as those used by IT help desk agents to remotely solve issues on an organization’s computers – coupled with vulnerable data protection.

“Once [cybercriminals] find businesses with basic IT security or weak passwords, they can gain the same remote access to systems that technical assistance might have and easily install the malware,” wrote Time contributor Sam Frizell. “‘Backoff’ then scrapes memory from the victims’ machines, searches for track data and logs keystrokes to reap sensitive data such as credit card information.”

Many security vendors are now creating coded defenses specifically geared to protect a business against the Backoff malware. To ensure protection, retailers should check that they are utilizing the most up-to-date anti-virus protection as part of their layered security.

About The Author

Scott Cornell

When he’s not knee deep in blogging and all things tech, Scott spends his free time playing ultimate Frisbee and watching foreign films. An expert in emerging tech trends, Scott always has his ear to ground for breaking news related to IT security.

Sign Up For A 30-Day Trial


Deep Freeze Enterprise

Centralized deployment and management as well as a host of configuration options for the Enterprise.

  • This field is for validation purposes and should be left unchanged.

Ready to find out more about Faronics? Let us know how to reach you.

We're here to help you in any way possible.