Malware that hit Target puts more than 1,000 businesses at risk


Remember the massive data breach Target suffered late last year, where hackers compromised the credit card data of over 40 million Target customers and cost the retail giant millions of dollars? Well, the federal government says that attack might just be the beginning.

An advisory published by the Department of Homeland Security warns retailers that point-of-sale or PoS malware attacks, like the one that struck Target, might still be floating around in the wild, undetected. The DHS estimates about 1,000 U.S. businesses could be affected by the virus.

The dire warning stems from an earlier report issued last month about a new type of PoS attack, dubbed "Backoff" malware. The attackers exploit insecurities in remote desktop software to access administrator accounts and steal consumer data from PoS systems.

That's probably how the Target breach happened — back in February, cybersecurity blogger Brian Krebs reported a compromised HVAC vendor account might have given hackers access to Target's systems.

>> Read more trending stories

Since the report was released, most antivirus software has been updated to be on the lookout for Backoff — but the feds are still advising businesses double-check their systems. The U.S. Secret Service says seven different businesses have reported Backoff attacks since the Target breach.

​U.S. retailers have been a particularly attractive target for hackers in recent years — high-profile businesses like Neiman MarcusP.F. Chang'sSupervalu and UPS have all been hit with cyberattacks over the past year. Of course, we don't know if all of these attacks were necessarily Backoff — but they did all target credit card data.

A Vendor Safe analyst says Backoff is one of those malware programs that's "so insidious that it changes the landscape of computer security." He argues Backoff's high-profile strikes should prompt businesses to embrace "basic security measures which too many retailers have ignored."

And a Tom's Guide editor agrees, telling CNBC there's a few basic steps retailers can take to help protect their systems.

"They need to separate their own access systems from their point of sales systems and the like, and then they just have to be more proactive about monitoring their databases."

The DHS estimated Backoff first appeared in October 2013 — antivirus solutions for the malware weren't widespread until this month. Retailers are encouraged to contact a local Secret Service field office if they suspect they've been hacked.

This video contains images from Getty Images.



Reader Comments ...


Next Up in Business

Clark County economic development agency approves $782K budget
Clark County economic development agency approves $782K budget

Board members for the Community Improvement Corp. of Clark County reviewed goals from the past five years and approved the agency’s 2018 budget last week. The CIC promotes economic development in Clark County and is connected to the Chamber of Greater Springfield. The approved the agency’s 2018 budget at more than $782,900, about 10 percent...
WATCH: Amazon’s first ‘store of the future’ opens today
WATCH: Amazon’s first ‘store of the future’ opens today

Amazon’s first store, which has no checkout lanes, opened today in Seattle. The new concept Amazon Go will give consumers “the world’s most advanced shopping technology so you never have to wait in line,” according to the online retail giant. Some industry experts are calling the concept the future of brick-and-mortar retail...
Walmart introduces meal kits with no subscription
Walmart introduces meal kits with no subscription

Walmart is now selling meal kits that require no subscription for customers. Walmart has joined the growing number of grocery retailers offering meal kits in December. Walmart is now touting that its meal kits are hassle-free, and it doesn’t require a subscription like competitor services like Blue Apron. Walmart meal kits come in several brands...
Lending Tree: Dayton home market isn’t so competitive
Lending Tree: Dayton home market isn’t so competitive

The Dayton housing market is one of the least competitive in the country, at least among buyers who make mortgage loan requests through the Lending Tree online marketplace, the company said. In a national ranking, Dayton ranks relatively low for factors Lending Tree deems indicative of a competitive housing market. Prospective buyers in this area have...
Kroger reportedly looking to partner with Overstock.com
Kroger reportedly looking to partner with Overstock.com

Kroger is considering teaming up with Overstock.com Inc. in an effort to compete with online retailers. The New York Post reported the Cincinnati-based grocer may be eyeing a deal with Overstock.com, according to sources. Overstock CEO Patrick Byrne said last year that he plans to sell or reorganize the e-commerce business to focus on blockchain technology...
More Stories