'Backoff' Malware a Huge Problem, Report Suggests

A new report suggests that roughly one thousand American businesses have been victimized by 'Backoff', a form of malware that exposes customers' most sensitive information, including credit card data. Backoff made headlines late last year when retail giant Target was hit, exposing credit card data of roughly forty million customers.

Now, the National Cybersecurity and Communications Center (NCCIC) and U.S. Secret Service are suggesting that many more businesses have been exposed by the same malware. If an infection occurs, the Backoff malware is capable of recording keystrokes and scanning a system's memory to steal credit card data. That information is then relayed to a central command center (most of which are based abroad), giving cybercriminals an opportunity to make fraudulent purchases.

Antivirus Programs Fail to Detect Malware

Unfortunately, very little is known about Backoff, or how it functions. The NCCIC and U.S. Secret Service recently acknowledging that the malware "had low to zero percent anti-virus detection rates, which means that fully updated anti-virus engines on fully patched computers could not identify the malware as malicious." (Source: pcmag.com)

The New York Times recently reported that over a thousand U.S. businesses of all sizes have become infected with the Backoff malware, with affected businesses including big-name companies such as the United Parcel Service (UPS) and Supervalu. Those two firms have acknowledged they were infected, though the full list of the businesses affected has not yet been made available. (Source: nytimes.com)

Antivirus companies are now scrambling to implement new systems capable of identifying and eliminating Backoff infections. For its part, the NCCIC is encouraging all businesses to conduct a careful analysis of their point-of-sale (PoS) systems, though that may be a fruitless endeavor given Backoff's subtle and stealthy nature.

New Purchasing Systems Required, Expert Says

Security experts believe the only way to confront these kinds of hacks is to change how purchases are made.

According to Gartner security analyst Avivah Litan, Backoff infections are made by exposing weaknesses in the magnetic strips found on credit cards. "The weakness is the magnetic stripe," Litan said. "I can buy a mag stripe reader on eBay and easily read all the data from your credit card. It's an antiquated technology from the '60s."

That's why many, though not all, credit cards now feature a chip that requires customers enter a security code before a purchase can be completed. Litan says this makes hacking far tougher, but until every retailer switches to using these systems (at a cost of $500 to $1,000 per terminal), businesses and their customers will remain vulnerable. (Source: nytimes.com)

What's Your Opinion?

Do threats like Backoff make you worry about using your credit card at a retailer (online or in person)? Have you or someone you know been affected by the Target credit card data breach? Do you think that the chip technology present in today's credit cards are safer than the magnetic stripe? Or do you believe they are less safe due to RFID (radio frequency id) vulnerabilities?