
New Retail Cyber Threat: Back-Off
Published August 2, 2014

By Thursday Review staff

The security and data breaches during the holiday season last year were vast. The Target breach alone may have exposed the credit card and debit card information of as many as 70 million U.S. consumers. Then, within weeks of that scary news, we learned that other retailers had also been hacked, including Neiman Marcus and Michaels.

Now, the U.S. Treasury Department and the U.S. Department of Homeland Security are warning of another cyber-attack on retailers—this one in the form of a malicious spyware called “Back-off.” Back-off, which turns out to be largely hidden from most security programs and anti-virus protections, is designed to quickly collect data from credit card users at the point-of-sale—i.e. at the moment that a customer uses a credit card or debit card.

Back-off also steals payments directly, in some cases rerouting the funds, and it can collect personal data, including full names, mailing addresses, cell phone or landline information, and email accounts and usernames.

Back-off was written to take advantage of stores with remote access and remote desktop applications; retailers who use an internal system may not be at high risk. But retailers who do use remote desktop applications are at greater risk, since the malicious software allows cyber-thieves to gain administrative access. The malware was first identified last fall, but was not seen then as a significant threat since its appearance was limited to only a small handful of retail venues. Later, Back-off was eclipsed by the scope and breadth of other cyber problems, notably the Target breach and, earlier this year, the infamous Heartbleed vulnerability.

According to Homeland Security’s US-CERT (United States Computer Emergency Readiness Team) website, the remote access solutions which can be affected include products by Microsoft, Apple, Google Chrome, LogMeIn, and others. Hackers identify retailers and others who use remote access programs by these providers, and then crack the passwords. Only once they are inside the system do the cyber-thieves co-opt administrative roles and insert the malware.

Back-off has remained largely undetected by most anti-virus software. The US-CERT website has a list of steps that retailers can follow to avoid problems.

