Backoff malware attacks hit 'more than 1,000 big businesses', warns US government

Secret Service: tell us if you've been infected

A Point-of-Sale malware attack that struck shipping outfit UPS has compromised the networks of a "significant" number of major businesses in the US, according to the country's Homeland Security office.

The US administration's Computer Emergency Readiness Team (CERT) advised administrators and operators of PoS systems to familiarise themselves with the Backoff malware alert posted by Homeland Security at the end of last month.

"Organisations that believe they have been infected with Backoff are also encouraged to contact their local US Secret Service Field Office," it added.

US businesses including Target, Supervalu and UPS Stores have been affected by the malware attack.

UPS discovered an outbreak of debit and credit-card-reading malware in 51 of its branches in the US earlier this week.

Miscreants are understood to have secretly ransacked the data of millions of payment cards from American customers, according to the New York Times, which - citing numbers from the Secret Service - reported that more than 1,000 US businesses had been compromised.

Last Wednesday, UPS coughed to the security breach and admitted credit and debit card data had been exposed at 51 of its stores between 20 January 2014 and 11 August 2014. As many as 100,000 transactions may have been snooped on, we were told, out of the millions normally running through the UPS network.

Names and addresses were also said to have been accessible by the malware in the affected systems. ®


Free virtual appliance for wire data analytics
The ExtraHop Discovery Edition is a free virtual appliance will help you to discover the performance of your applications across the network, web, VDI, database, and storage tiers.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
The total economic impact of Druva inSync
Examining the ROI enterprises may realize by implementing inSync, as they look to improve backup and recovery of endpoint data in a cost-effective manner.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Website security in corporate America
Find out how you rank among other IT managers testing your website's vulnerabilities.