The Department of Homeland Security (DHS) revealed Friday that over 1000 businesses across the U.S. have been targeted by a cyber attack that allows hackers to steal personal data from customers’ debit and credit cards. Some of the biggest names that have been hit include Target, Supervalu, and UPS.
The hackers started using malware called Backoff in October 2013. Backoff works by pillaging the memory contents of cash registers, referred to as point-of-sale (POS) systems, and grabbing data from credit cards. The malware can also log keystrokes and communicate with remote servers.
On July 31, the Department of Homeland Security, the Secret Service, Communications Integration Center, and National Cybersecurity all advised companies to scan their POS systems to see if they had been infiltrated by the Backoff virus and its variations, such as goo, MAY, net, and LAST. None of the viruses were detectable by anti-virus programs.
Although the programs needed to detect the Backoff malware are available now, DHS is telling businesses to contact their IT team, managed service provider, antivirus vendor, and cash register system vendors to ascertain whether their systems have been attacked or are vulnerable to attack. The Secret Service is getting involved as well and offering its aid. The Secret Service is convinced that hackers are scanning corporate systems to find their way into them; some vulnerable points appear to be vendors with remote access to the payment system of the business or workers for the company working off-site. Once the hackers find a way into the system, they use computers to guess username and password combinations ad infinitum until they find the right combination.
Once the hackers get into the systems, they obtain financial data from them and ship it to foreign servers. Because Backoff is identified only if a business mounts an active search for it, DHS and the Secret Service advise companies to cut the number of employees or vendors who can access their internal data networks and to use long and complex passwords. Another recommendation was to lock vendors and employees out of their accounts after numerous failed login attempts.
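The lockout recommendation above, sketched as an added example (it is not code from DHS, the Secret Service, or any vendor): a sliding-window counter that locks an account after repeated failed logins and rejects further attempts, even a correct guess, while the lock holds. The thresholds, account names, addresses, and login events are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed policy values; the article only says "numerous failed login attempts".
MAX_FAILURES = 5
WINDOW = timedelta(minutes=10)
LOCKOUT = timedelta(minutes=30)

def build_sample_events():
    """Constructed events: (timestamp, account, source address, outcome)."""
    t0 = datetime(2014, 8, 22, 2, 0, 0)
    sec = lambda n: t0 + timedelta(seconds=n)
    # Automated guessing against a vendor remote-access account.
    events = [(sec(20 * i), "pos-vendor", "203.0.113.7", "FAIL") for i in range(6)]
    # A correct guess that arrives after the lock is already in place.
    events.append((sec(130), "pos-vendor", "203.0.113.7", "OK"))
    # An employee who mistypes twice, then logs in.
    events += [(sec(30), "clerk01", "10.0.0.15", "FAIL"),
               (sec(50), "clerk01", "10.0.0.15", "FAIL"),
               (sec(70), "clerk01", "10.0.0.15", "OK")]
    return sorted(events)

def evaluate(events):
    """Apply the lockout policy to time-ordered events; return decisions."""
    failures = defaultdict(deque)   # account -> recent failure timestamps
    locked_until = {}               # account -> time the lock expires
    decisions = []
    for ts, account, source, outcome in events:
        if locked_until.get(account, ts) > ts:
            decisions.append((ts, account, source, "REJECTED_LOCKED"))
            continue
        if outcome == "OK":
            failures[account].clear()
            decisions.append((ts, account, source, "ALLOWED"))
            continue
        recent = failures[account]
        recent.append(ts)
        while recent and ts - recent[0] > WINDOW:
            recent.popleft()        # forget failures outside the window
        if len(recent) >= MAX_FAILURES:
            locked_until[account] = ts + LOCKOUT
            recent.clear()
            decisions.append((ts, account, source, "LOCKED"))
        else:
            decisions.append((ts, account, source, "FAILED"))
    return decisions

def outcomes_for(decisions, account):
    return [d[3] for d in decisions if d[1] == account]

if __name__ == "__main__":
    for row in evaluate(build_sample_events()):
        print(row[0].time(), *row[1:])
```

Every `LOCKED` or `REJECTED_LOCKED` decision is also worth forwarding to whoever monitors the POS network, since the article notes Backoff is found only by actively looking for it.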
An additional guideline was that businesses should separate cash registers from corporate data networks and install two-factor authentication. Two-factor authentication forces employees and vendors to enter a one-time password (OTP) as well as a username and password. The one-time password is sent to the mobile phone or email address registered with the account. One final guideline was for companies to encrypt the payment details of customers as soon as they use their credit cards.
The cyber attack on Target stores exposed the private information of millions of debit and credit card customers. Both Supervalu, which stated roughly 180 stores were hit by the virus, and UPS, with 51 stores hit, admitted they had been successfully attacked.