On Friday, August 22, the Department of Homeland Security (“DHS”) and U.S. Secret Service released an advisory warning that a family of malware known as “Backoff” may have infiltrated the Point of Sale (“PoS”) systems of over 1,000 U.S. businesses. The malware was injected into some systems as far back as October 2013, and DHS warns that it “has likely infected many victims who are unaware that they have been compromised.” “Backoff” allows cybercriminals to remotely exfiltrate consumer credit card information by exploiting an organization’s administrator accounts. The advisory strongly encourages businesses to take immediate action and contact their IT personnel, PoS and antivirus vendors, as well as other service providers, to assess whether their systems have been compromised by the malware.
The existence of the “Backoff” malware was first announced in a July 31, 2014 advisory released by DHS’ National Cybersecurity and Communications Integration Center (“NCCIC”) and several other entities. That July 31 advisory provided a detailed analysis of the malware so organizations could scan their systems for signs of compromise and antivirus vendors could update their software to detect “Backoff.” After that advisory was released, NCCIC and the Secret Service received reports confirming that the “Backoff” malware was widespread. The follow-up advisory released last week was designed to alert companies to the prevalence of the malware and encourage them to investigate whether their systems were compromised.
To contact DHS with questions regarding the malware, businesses may send an e-mail to NCCIC@hq.dhs.gov or call (888) 282-0870.