Backoff Malware Continues to Grow – Infections Spike in October, Leading into Holiday Season

By ISBuzz Team, Writer, Information Security Buzz | Nov 13, 2014 05:05 pm PST

Once again, retailers and consumers are gearing up for the busiest sales season of the year. Not surprisingly, threat actors are gearing up as well.

In our Q3 2014 State of Infections report, we noted a steady rise in Backoff malware detections through August and September. Backoff is the point-of-sale (PoS) malware linked to the breach of Home Depot and other retailers. Cyber criminals have used it to steal millions of credit card numbers and related information. Closing out October, we saw an additional increase of 33% in Backoff malware detections.


The surge of Backoff malware is indicative of the breadth of challenges retailers face when it comes to securing their widely distributed PoS systems. Antivirus and other signature-based prevention tools can’t keep up because malware authors are continually altering the code. A successful intruder can only be caught if the enterprise has a way to detect hidden threats in its network. That is particularly difficult to do with PoS systems because they often connect to local networks, not a corporate network, so security teams have little to no visibility into outbound traffic. The longer the malware dwells, the more damage it can do. Consider that Home Depot was breached for five months before discovery.

It’s reasonable to expect to hear about more retail breaches leading into the holiday shopping season. Cyber criminals only need to find one weak link in a very long chain of distributed PoS systems. Security teams need proper visibility to know when a compromise occurs. Damballa recommends that retail stores follow basic guidelines provided by US-CERT, which advises retailers with point-of-sale devices to “implement tools to detect anomalous network traffic and anomalous behavior by legitimate users.” It’s also essential to get visibility into DNS traffic from PoS systems. We cover specific recommendations in our Q3 report.
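One concrete way to act on the DNS-visibility recommendation above is to baseline which domains each PoS host normally resolves during a known-clean window and then flag later queries that fall outside that baseline or use random-looking labels. The following is an added example, not code from the article or from Damballa; the log format, host names and domain names are all constructed.

```python
"""Baseline DNS queries per PoS host, then flag queries that leave the baseline.
Added illustration, not the article's code; the log format and all names are constructed."""
import math
from collections import defaultdict

BASELINE_LOGS = """\
2014-10-01T09:00:01 pos-01 updates.example-vendor.com
2014-10-01T09:00:05 pos-01 payments.example-processor.com
2014-10-01T09:01:10 pos-02 payments.example-processor.com
"""
LATER_LOGS = """\
2014-10-20T22:14:03 pos-01 payments.example-processor.com
2014-10-20T22:14:09 pos-01 q7x2kf9vbl3mz.example-dyn.net
2014-10-20T22:15:30 pos-02 files.example-cloud.org
"""

def parse(lines):
    """Yield (host, qname) pairs from the constructed "<ts> <pos-host> <qname>" format."""
    for line in lines.splitlines():
        parts = line.split()
        if len(parts) == 3:
            yield parts[1], parts[2].lower().rstrip(".")

def registered_domain(qname):
    """Crude eTLD+1 (last two labels); enough for a baseline demo."""
    return ".".join(qname.split(".")[-2:])

def label_entropy(label):
    """Shannon entropy in bits per character; random-looking labels score high."""
    n = len(label)
    return -sum(label.count(c) / n * math.log2(label.count(c) / n)
                for c in set(label)) if n else 0.0

def build_baseline(lines):
    """Registered domains each PoS host queried during a known-clean window."""
    seen = defaultdict(set)
    for host, qname in parse(lines):
        seen[host].add(registered_domain(qname))
    return seen

def flag_anomalies(baseline, lines, entropy_threshold=3.5):
    """Return (host, qname, reason) for queries outside the host's baseline."""
    findings = []
    for host, qname in parse(lines):
        if registered_domain(qname) not in baseline.get(host, set()):
            findings.append((host, qname, "domain not in host baseline"))
        first = qname.split(".")[0]
        if len(first) >= 10 and label_entropy(first) > entropy_threshold:
            findings.append((host, qname, "high-entropy label"))
    return findings
```

In practice the baseline would be rebuilt from the resolver's query logs for each store, and a finding should feed an alert rather than a block, since PoS vendors do legitimately add update and payment endpoints.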

By Brian Foster, CTO, Damballa

About Damballa

Damballa helps enterprises prevent loss of their data, intellectual property, finances and reputation due to a cyber-security breach. We are innovators in advanced threat protection and containment. That means our systems help stop malicious behavior from damaging your business.
