US Homeland Security Department: 1,000+ US retailers HIT by malware

According to the US Homeland Security Department, over 1,000 US retailers could be infected by a malware virus, which in result can comprise sensitive card and payment data.

In a statement released late last week, the government office urges all retailers with card swiping POS systems to search their back-office for any files or software called “Backoff”. The Backoff malware was first unveiled back in October 2013, and the Homeland Security Department offers information and instructions on finding and removing it from card terminal systems.

We posted last week on UPS’s malware incident which infected 51 of its stores. According to the US government, the virus is in fact the same.

This is in no affiliation to the now iconic Target security breach which resulted in over 40 million cards being compromised. Whereas Target’s terminals were infected in-store, the Backoff malware infects payment systems by finding insufficiently protected remote access points and duping computer users to download malware, one of the oldest malware tricks in the book.

"Once the bad guys realized they were able to penetrate larger networks, they saw the opportunity to develop malware that's specifically for credit cards and can evade antivirus programs," Jerome Segura, a senior security researcher at Cybersecurity Cybersecurity Cybersecurity is a blanket term that refers to the protection of computer systems and networks from the theft.More broadly speaking, cybersecurity can also represent countermeasures against damage to hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.It was not long ago that the term cybersecurity not exist as it was first used in 1989. In today’s vernacular cybersecurity, refers to measures taken to protect a computer or computer Cybersecurity is a blanket term that refers to the protection of computer systems and networks from the theft.More broadly speaking, cybersecurity can also represent countermeasures against damage to hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide.It was not long ago that the term cybersecurity not exist as it was first used in 1989. In today’s vernacular cybersecurity, refers to measures taken to protect a computer or computer Read this Term software firm Malware Bytes told the Associated Press.

Malware and security breaches such as these are speeding up the introduction of EMV/Pin & Chip secure cards. While offering one more step for in-store verification, the move is expected to increase online payment fraud given the technology is redundant in Card-not-Present environments.

SOURCE