Remember the massive data breach Target suffered late last year, where hackers compromised the credit card data of over 40 million Target customers and cost the retail giant millions of dollars? Well, the federal government says that attack might just be the beginning.
An advisory published by the Department of Homeland Security warns retailers that point-of-sale or PoS malware attacks, like the one that struck Target, might still be floating around in the wild, undetected. The DHS estimates about 1,000 U.S. businesses could be affected by the virus.
The dire warning stems from an earlier report issued last month about a new type of PoS attack, dubbed "Backoff" malware. The attackers exploit insecurities in remote desktop software to access administrator accounts and steal consumer data from PoS systems.
That's probably how the Target breach happened — back in February, cybersecurity blogger Brian Krebs reported a compromised HVAC vendor account might have given hackers access to Target's systems.
Since the report was released, most antivirus software has been updated to be on the lookout for Backoff — but the feds are still advising businesses double-check their systems. The U.S. Secret Service says seven different businesses have reported Backoff attacks since the Target breach.
U.S. retailers have been a particularly attractive target for hackers in recent years — high-profile businesses like Neiman Marcus, P.F. Chang's, Supervalu and UPS have all been hit with cyberattacks over the past year. Of course, we don't know if all of these attacks were necessarily Backoff — but they did all target credit card data.
A Vendor Safe analyst says Backoff is one of those malware programs that's "so insidious that it changes the landscape of computer security." He argues Backoff's high-profile strikes should prompt businesses to embrace "basic security measures which too many retailers have ignored."
And a Tom's Guide editor agrees, telling CNBC there's a few basic steps retailers can take to help protect their systems.
"They need to separate their own access systems from their point of sales systems and the like, and then they just have to be more proactive about monitoring their databases."
The DHS estimated Backoff first appeared in October 2013 — antivirus solutions for the malware weren't widespread until this month. Retailers are encouraged to contact a local Secret Service field office if they suspect they've been hacked.
This video contains images from Getty Images.
Thank you for reading the Springfield News-Sun and for supporting local journalism. Subscribers: log in for access to your daily ePaper and premium newsletters.
Thank you for supporting in-depth local journalism with your subscription to the Springfield News-Sun. Get more news when you want it with email newsletters just for subscribers. Sign up here.