The U.S. Department of Homeland Security (DHS) said in a cybersecurity alert on Friday that over a thousand major enterprise networks and small and medium businesses in the U.S. have been compromised by a recently discovered malware package called “Backoff” and are probably unaware of it. Backoff is capable of scraping the memory contents of point of sales systems. The malware is capable of swiping data from credit cards, logging keystrokes, and communicating with a remote server. The alert said: “Over the past year, the Secret Service has responded to network intrusions at numerous businesses throughout the United States that have been impacted by the “Backoff” malware. Seven PoS system providers/vendors have confirmed that they have had multiple clients affected.” The malware is thought to be responsible for the recent data breaches at Target, SuperValu supermarkets and UPS stores. The malware was not detectable my most antivirus software. Most antivirus packages now detect Backoff, but DHS is advising network operators take immediate action to ensure they haven’t been affected. “DHS strongly recommends actively contacting your IT team, antivirus vendor, managed service provider, and/or point of sale system vendor to assess whether your assets may be vulnerable and/or compromised,” it said. “The Secret Service is active in contacting impacted businesses, as they are identified, and continues to work with and support those businesses that have been impacted by this PoS malware.” The DHS asked that instances of it are reported to a local Secret Service field office. 23.08.2014 http://www.majorgeeks.com/news/story/backoff_malware_captures_credit_card_data.html
