TA14-212A: Backoff Point-of-Sale Malware

ronjor · Jul 31, 2014

07/31/2014 07:30 AM EDT

Original release date: July 31, 2014
Systems Affected

Point-of-Sale Systems
Click to expand...

https://www.us-cert.gov/ncas/alerts/TA14-212A

Dermot7 · Aug 1, 2014

As discussed in the an advisory published by US-CERT, Trustwave SpiderLabs has discovered a previously unidentified family of Point of Sale (PoS) malware. This blog post serves as a technical analysis of the Backoff malware family. While a number of variants have been discovered, this post will focus on the most recent version encountered (1.56 “LAST”).
Click to expand...

http://blog.spiderlabs.com/2014/07/backoff-technical-analysis.html

ronjor · Aug 18, 2014

Backoff Point-of-Sale Malware
Original release date: July 31, 2014 | Last revised: August 18, 2014

Overview

This advisory was prepared in collaboration with the National Cybersecurity and Communications Integration Center (NCCIC), United States Secret Service (USSS), Financial Sector Information Sharing and Analysis Center (FS-ISAC), and Trustwave Spiderlabs, a trusted partner under contract with the USSS. The purpose of this release is to provide relevant and actionable technical indicators for network defense
Click to expand...

https://www.us-cert.gov/ncas/alerts/TA14-212A

ronjor · Aug 22, 2014

More Than 1,000 Businesses in U.S. Affected by Same Cyberattack That Hit Target

By NICOLE PERLROTH
August 22, 2014 2:35 pm

On July 31, Homeland Security along with the Secret Service, the National Cybersecurity and Communications Integration Center and their partners in the security industry warned companies to check their in-store cash register systems for malware, which security experts dubbed “Backoff” after a word that appeared in its code. Until that point, Backoff malware and variations of it were undetectable by anti-virus products.
Click to expand...

http://bits.blogs.nytimes.com/2014/...1000-businesses-on-hack-that-affected-target/

ronjor · Aug 22, 2014

Alert (TA14-212A)
Backoff Point-of-Sale Malware
Original release date: July 31, 2014 | Last revised: August 22, 2014

August 22, 2014 - Changes to the Overview section

https://www.us-cert.gov/ncas/alerts/TA14-212A

siljaline · Aug 23, 2014

See also:
U.S. warns 'significant number' of major businesses hit by Backoff malware

Over a thousand major enterprise networks and small and medium businesses in the U.S. have been compromised by a recently discovered malware package called "Backoff" and are probably unaware of it, the U.S. Department of Homeland Security (DHS) said in a cybersecurity alert on Friday.

Backoff first appeared in October 2013 and is capable of scraping the memory contents of point of sales systems -- industry speak for cash registers and other terminals used at store checkouts -- for data swiped from credit cards, from monitoring the keyboard and logging keystrokes, from communicating with a remote server.
Click to expand...

http://www.infoworld.com/d/security...f-major-businesses-hit-backoff-malware-249047

Dermot7 · Aug 30, 2014

Although very thorough, the existing public analyses of Backoff are missing a very relevant piece of information: the command-and-control (C&C) servers. However, if you have access to the samples it isn't hard to extract this information. At the end of this document, you can find a full list together with other IOCs (indicators of compromise).
Click to expand...

https://securelist.com/blog/research/66305/sinkholing-the-backoff-pos-trojan/

siljaline · Aug 30, 2014

Backoff malware infections are more widespread than thought

The number of businesses hit by the data-stealing Backoff malware may be substantially more than the 1,000 or so companies estimated by federal officials, according to security vendor Kaspersky Labs.
Researchers at Kaspersky managed to intercept traffic between systems infected by Backoff and two servers used by hackers to control the malware.
Click to expand...

http://www.computerworld.com/articl...ections-are-more-widespread-than-thought.html

ronjor · Oct 24, 2014

The 'Backoff' malware linked to data breaches is spreading

A rising number of devices are connecting to Backoff-related infrastructure, Damballa says

Jeremy Kirk (IDG News Service) on 24 October, 2014 22:02
Click to expand...

http://www.cso.com.au/article/558175/backoff-malware-linked-data-breaches-spreading

ronjor · Nov 4, 2014

New Version of Backoff PoS Malware Appears: Fortinet

By Brian Prince on November 03, 2014

Researchers at Fortinet said they have encountered a new version of the notorious Backoff malware targeting point-of-sale systems.
Click to expand...

http://www.securityweek.com/new-version-backoff-pos-malware-appears-fortinet

Log in or Sign up

TA14-212A: Backoff Point-of-Sale Malware

ronjor Global Moderator

Dermot7 Registered Member

ronjor Global Moderator

ronjor Global Moderator

ronjor Global Moderator

siljaline Registered Member

Dermot7 Registered Member

siljaline Registered Member

ronjor Global Moderator

ronjor Global Moderator

Log in or Sign up

TA14-212A: Backoff Point-of-Sale Malware

ronjor Global Moderator

Dermot7 Registered Member

ronjor Global Moderator

ronjor Global Moderator

ronjor Global Moderator

siljaline Registered Member

Dermot7 Registered Member

siljaline Registered Member

ronjor Global Moderator

ronjor Global Moderator

Useful Searches