Backoff Malware Targets POS Systems

By Cheryl Knight, contributing writer

A U.S. Department of Homeland Security (DHS) report details the introduction of a new malware campaign designed to steal consumers’ information through point of sale (POS) terminals nationwide. Initial cyberattacks occurred in the months leading up to the much-publicized data breach at Target stores nationwide during the 2013 holiday season. According to reports, at least 600 retailers nationwide have suffered the effects of Backoff.

“It’s not necessarily that this one is nastier than the others,” said Chris Camejo, director of assessment at the security consulting firm NTT Com Security, as quoted in an American Banker article. The real motivation is they’re seeing it used in the wild more than others. Somebody decided this will be their go-to tool.”

How To Stop Backoff

The U.S. DHS report listed several ways to lessen the impact of the Backoff malware. The use of EMV-enabled devices, that accept credit cards containing a chip that require a personal identification number, is one way. Another measure includes configuring remote desktop applications to lock out users after they have failed to login a specific amount of times. Likewise, firewalls can be configured to limit access to ports by IP addresses.

To keep customer data safe, IT solutions providers are always on the lookout for ways to bolster their clients’ security. And according to a Business Solutions guest column by Bob Grabowski, vertical marketing manager of retail for Honeywell Scanning & Mobility point-to-point encryption is an additional layer of defense against cyberattacks aimed at stealing customer information.