{"id":6142,"date":"2014-08-06T10:00:38","date_gmt":"2014-08-06T14:00:38","guid":{"rendered":"http:\/\/blog.nccomputertech.com\/?p=6142"},"modified":"2014-08-06T10:00:38","modified_gmt":"2014-08-06T14:00:38","slug":"department-of-homeland-security-warns-retailers-of-backoff-pos-malware-techspot","status":"publish","type":"post","link":"https:\/\/nccomputertech.com\/techtalk\/2014\/08\/06\/department-of-homeland-security-warns-retailers-of-backoff-pos-malware-techspot\/","title":{"rendered":"Department of Homeland Security warns retailers of &#8216;Backoff&#8217; POS malware &#8211; TechSpot"},"content":{"rendered":"<p style=\"text-align:center;\"><a href=\"http:\/\/www.techspot.com\/news\/57603-department-of-homeland-security-warns-retailers-of-backoff-pos-malware.html\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/nccomputertech.com\/techtalk\/wp-content\/uploads\/2014\/08\/pos.jpg\" alt=\"\" \/><\/a><\/p>\n<p>The Department of Homeland Security yesterday issued an alert about a point-of-sale malware that was used in a string of recent attacks by cyber criminals. Dubbed Backoff, the malware has been witnessed on at least three separate forensic investigations since late 2013 and continues to operate today.<\/p>\n<p>According to US-CERT, the malware is capable of: scraping memory for track data from credit card swipes, which lets hackers obtain the account number on the card as well as create fraudulent cards; logging keystrokes; command &amp; control (C2) communication, a component that is responsible for uploading discovered data, updating the malware, downloading\/executing further malware, and uninstalling the malware; and injecting malicious stub into explorer.exe, so that the in-memory component can be reloaded if it crashes.<\/p>\n<p>The alert was prepared in cooperation with the National Cybersecurity and Communications Integration Center (NCCIC), United States Secret Service (USSS), Financial Sector Information Sharing and Analysis Center (FS-ISAC), and Trustwave Spiderlabs.<\/p>\n<p>\u201cThe criminals gained initial access through remote access systems set up on many POS systems for support and troubleshooting purposes,\u201d said Karl Sigler, threat intelligence manager with Trustwave. Some of those remote access systems include Microsoft&#8217;s Remote Desktop, Apple Remote Desktop, Chrome Remote Desktop, Splashtop 2, Pulseway, and LogMEIn&#8217;s Join.Me.<\/p>\n<p>Hackers would then run a brute-force attack on the remote access system&#8217;s passwords, and plant the malware on the POS devices once the access is gained.<\/p>\n<p>Sigler also revealed that more than 600 businesses, mostly food and beverage retailers, have been compromised by the malware. Although the US-CERT says that currently most of the anti-virus software is unable to detect the malware, it advises users to maintain an up\u2010to\u2010date version of the software installed on their system.<\/p>\n<p>via <a href=\"http:\/\/www.techspot.com\/news\/57603-department-of-homeland-security-warns-retailers-of-backoff-pos-malware.html\" target=\"_blank\">Department of Homeland Security warns retailers of &#8216;Backoff&#8217; POS malware &#8211; TechSpot<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Department of Homeland Security yesterday issued an alert about a point-of-sale malware that was used in a string of [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"site-sidebar-layout":"default","site-content-layout":"","ast-site-content-layout":"default","site-content-style":"default","site-sidebar-style":"default","ast-global-header-display":"","ast-banner-title-visibility":"","ast-main-header-display":"","ast-hfb-above-header-display":"","ast-hfb-below-header-display":"","ast-hfb-mobile-header-display":"","site-post-title":"","ast-breadcrumbs-content":"","ast-featured-img":"","footer-sml-layout":"","ast-disable-related-posts":"","theme-transparent-header-meta":"","adv-header-id-meta":"","stick-header-meta":"","header-above-stick-meta":"","header-main-stick-meta":"","header-below-stick-meta":"","astra-migrate-meta-layouts":"default","ast-page-background-enabled":"default","ast-page-background-meta":{"desktop":{"background-color":"var(--ast-global-color-4)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"ast-content-background-meta":{"desktop":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"tablet":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""},"mobile":{"background-color":"var(--ast-global-color-5)","background-image":"","background-repeat":"repeat","background-position":"center center","background-size":"auto","background-attachment":"scroll","background-type":"","background-media":"","overlay-type":"","overlay-color":"","overlay-opacity":"","overlay-gradient":""}},"_jetpack_newsletter_access":"","_jetpack_dont_email_post_to_subs":false,"_jetpack_newsletter_tier_id":0,"_jetpack_memberships_contains_paywalled_content":false,"_jetpack_feature_clip_id":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":"","jetpack_publicize_message":"","jetpack_publicize_feature_enabled":true,"jetpack_social_post_already_shared":false,"jetpack_social_options":{"image_generator_settings":{"template":"highway","default_image_id":0,"font":"","enabled":false},"version":2},"jetpack_post_was_ever_published":false},"categories":[7,9],"tags":[342,655,841],"class_list":["post-6142","post","type-post","status-publish","format-standard","hentry","category-security","category-software","tag-exploits","tag-malware","tag-pos"],"jetpack_publicize_connections":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/papNkV-1B4","jetpack-related-posts":[{"id":6341,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/09\/02\/why-hackers-may-be-stealing-your-credit-card-numbers-for-years\/","url_meta":{"origin":6142,"position":0},"title":"Why hackers may be stealing your credit card numbers for years","author":"NCCT","date":"September 2, 2014","format":false,"excerpt":"While conducting a penetration test of a major Canadian retailer, Rob VandenBrink bought something from the store. He later found his own credit card number buried in its systems, a major worry. The retailer, which has hundreds of stores across Canada, otherwise had rock-solid security and was compliant with the\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3197,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/08\/19\/malware-hijacks-mobile-ad-networks-to-siphon-money\/","url_meta":{"origin":6142,"position":1},"title":"Malware hijacks mobile ad networks to siphon money","author":"NCCT","date":"August 19, 2013","format":false,"excerpt":"Asian cybercriminals have figured out an unusual way to use the architecture of a mobile ad network to siphon money from their victims. The new method represents another step in the evolution of mobile malware, which is booming with more smartphones shipping than PCs. Mobile ad networks open up the\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3213,"url":"https:\/\/nccomputertech.com\/techtalk\/2013\/08\/20\/researchers-manage-to-get-malware-published-in-apples-ios-app-store\/","url_meta":{"origin":6142,"position":2},"title":"Researchers manage to get malware published in Apple&#039;s iOS App Store","author":"NCCT","date":"August 20, 2013","format":false,"excerpt":"While the posting of malware remains a rare occurrence on Apple's iOS App Store, a team of security researchers figured out a way to get a malicious piece of software past Apple's certification team. The team from Georgia Tech said that the app was approved and published by Apple in\u2026","rel":"","context":"In &quot;Apple&quot;","block_context":{"text":"Apple","link":"https:\/\/nccomputertech.com\/techtalk\/category\/apple\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":6294,"url":"https:\/\/nccomputertech.com\/techtalk\/2014\/08\/27\/research-team-creates-undetectable-malware-bound-to-legitimate-software-downloads\/","url_meta":{"origin":6142,"position":3},"title":"Research team creates undetectable malware bound to legitimate software downloads","author":"NCCT","date":"August 27, 2014","format":false,"excerpt":"Most cyber attacks from your typical home hacker, come by way of techniques used 10 years ago or more like phishing scams, poor password management, and things of that nature. But now it seems as though a research team from Germany has developed on all new strain of malware. The\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8210,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/05\/05\/this-terrifying-malware-destroys-your-pc-if-detected\/","url_meta":{"origin":6142,"position":4},"title":"This terrifying malware destroys your PC if detected","author":"NCCT","date":"May 5, 2015","format":false,"excerpt":"A new type of malware resorts to crippling a computer if it is detected during security checks, a particularly catastrophic blow to its victims. The malware, nicknamed Rombertik by Cisco Systems, is designed to intercept any plain text entered into a browser window. It is being spread through spam and\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":8453,"url":"https:\/\/nccomputertech.com\/techtalk\/2015\/07\/07\/zeusvm-malware-building-tool-leak-may-cause-botnet-surge\/","url_meta":{"origin":6142,"position":5},"title":"ZeusVM malware building tool leak may cause botnet surge","author":"NCCT","date":"July 7, 2015","format":false,"excerpt":"The Internet could see a new wave of botnets based on the ZeusVM banking Trojan after the tools needed to build and customize the malware program were published online for free. The source code for the builder and control panel of ZeusVM version 2.0.0.0 was leaked sometime in June, according\u2026","rel":"","context":"In &quot;Security&quot;","block_context":{"text":"Security","link":"https:\/\/nccomputertech.com\/techtalk\/category\/security\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]}],"_links":{"self":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/6142","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/comments?post=6142"}],"version-history":[{"count":0,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/posts\/6142\/revisions"}],"wp:attachment":[{"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/media?parent=6142"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/categories?post=6142"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nccomputertech.com\/techtalk\/wp-json\/wp\/v2\/tags?post=6142"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}