Malware that hit Target puts more than 1,000 businesses at risk


Remember the massive data breach Target suffered late last year, where hackers compromised the credit card data of over 40 million Target customers and cost the retail giant millions of dollars? Well, the federal government says that attack might just be the beginning.

An advisory published by the Department of Homeland Security warns retailers that point-of-sale or PoS malware attacks, like the one that struck Target, might still be floating around in the wild, undetected. The DHS estimates about 1,000 U.S. businesses could be affected by the virus.

The dire warning stems from an earlier report issued last month about a new type of PoS attack, dubbed "Backoff" malware. The attackers exploit insecurities in remote desktop software to access administrator accounts and steal consumer data from PoS systems.

That's probably how the Target breach happened — back in February, cybersecurity blogger Brian Krebs reported a compromised HVAC vendor account might have given hackers access to Target's systems.

>> Read more trending stories

Since the report was released, most antivirus software has been updated to be on the lookout for Backoff — but the feds are still advising businesses double-check their systems. The U.S. Secret Service says seven different businesses have reported Backoff attacks since the Target breach.

​U.S. retailers have been a particularly attractive target for hackers in recent years — high-profile businesses like Neiman MarcusP.F. Chang'sSupervalu and UPS have all been hit with cyberattacks over the past year. Of course, we don't know if all of these attacks were necessarily Backoff — but they did all target credit card data.

A Vendor Safe analyst says Backoff is one of those malware programs that's "so insidious that it changes the landscape of computer security." He argues Backoff's high-profile strikes should prompt businesses to embrace "basic security measures which too many retailers have ignored."

And a Tom's Guide editor agrees, telling CNBC there's a few basic steps retailers can take to help protect their systems.

"They need to separate their own access systems from their point of sales systems and the like, and then they just have to be more proactive about monitoring their databases."

The DHS estimated Backoff first appeared in October 2013 — antivirus solutions for the malware weren't widespread until this month. Retailers are encouraged to contact a local Secret Service field office if they suspect they've been hacked.

This video contains images from Getty Images.



Reader Comments ...


Next Up in Business

NASCAR’s Petty helps open Spectrum
NASCAR’s Petty helps open Spectrum

Although the Spectrum Brands Global Auto Care center in Vandalia has been preparing, packaging and shipping products for months, it got an official opening Thursday, with a little help from some friends — including a NASCAR legend. Richard Petty has been associated with STP gas and oil treatment products for some 46 years. “I’ve followed...
Longtime Urbana auto dealer sold to SVG Motors
Longtime Urbana auto dealer sold to SVG Motors

A growing chain of car dealerships recently stepped in to buy one of the longest-running family owned businesses in Urbana, with plans to add additional employees and renovate the business. SVG Motors, an auto dealer with locations in Dayton, Eaton and Greenville, has purchased Trenor Motors for an undisclosed price. READ MORE: Springfield Airport...
Swedish clothing retailer to open at local outlet mall
Swedish clothing retailer to open at local outlet mall

Swedish clothing retailer H&M is opening a location at the Tanger Outlet in Jeffersonville. The retailer, known for its clothing for men, women, teenagers and children, will open at the Tanger Outlet at 8000 Factory Shops Blvd. on July 27. The first 200 shoppers in line will receive giveaway prizes up to $300, according to the retailer. Customers can...
DHL Supply Chain to close Englewood site, impacting 85 employees
DHL Supply Chain to close Englewood site, impacting 85 employees

DHL Supply Chain will close its Englewood location later this year, impacting 85 workers at the site. The company sent a WARN notice to the Ohio Department of Job & Family Services, announcing they plan to close a DHL Supply Chain facility located at 71 Lau Parkway in Englewood. The location is expected to close on Sept. 18, according to the letter...
Air Force adds GE to $409M contract
Air Force adds GE to $409M contract

The Air Force Research Laboratory has added General Electric Co. among at least three companies part of a seven-year, $409 million contract to develop “next generation” thermal, power and control technologies. RELATED: GE Aviation acquires robotics maker The initial GE order is worth $106,000 which will continue to support integrated power...
More Stories