New security bug dubbed Backoff exposed

Another major breach, which came to light in July 2014, apparently occurred at Goodwill Industries International Inc. The culprit: a new strain of malware called Backoff. Once again, security investigative reporter Brian Krebs broke the story on his blog site KrebsonSecurity. Krebs wrote in the July 21 post that unnamed sources within the financial services industry said multiple Goodwill locations had been breached and that an unknown number of credit and debit cards had been compromised.
Goodwill informed Krebs that it had only learned about the breach on July 18, when a payments industry fraud investigative unit and federal authorities alerted the nonprofit organization of the possible compromise. Krebs’ sources said Goodwill stores in 21 states, including California, Colorado, Minnesota and New Jersey, may have been affected.
Goodwill operates a network of 165 independent, community-based centers in the United States and Canada to offer job training and other services. The nonprofit generates revenue for its programs through 2,900 retail locations that sell donated goods to primarily low-income consumers.
Krebs reported that the compromised cards had been used at Goodwill stores, but that the fraudulent charges on those cards occurred at big-box retailers and supermarket chains. “This is consistent with activity seen in the wake of other large data breaches involving compromised credit and debit cards, including the break-ins at Target, Neiman Marcus, Michaels, Sally Beauty, and P.F. Chang’s,” he wrote.

The Backoff malware

On July 31, 2014, the United States Computer Emergency Readiness Team (US-Cert), an organization operating within the U.S. Department of Homeland Security, issued an alert about the new Backoff malware attack vector.

Working in collaboration with the National Cybersecurity and Communications Integration Center, United States Secret Service, Financial Sector Information Sharing and Analysis Center and Trustwave’s Spiderlabs security research division, US-Cert said Backoff is associated with several POS data breach investigations, and that “fully updated anti-virus engines on fully patched computers could not identify the malware as malicious.”

The alert said Backoff has existed since October 2013 and that the malware employs memory scraping and keylogging to lift payment data from networks. Fraudsters then commonly create counterfeit cards using that stolen data and send out individuals known as “mules” to purchase goods with the fake cards and, in the case of debit cards, drain bank accounts via cash withdrawals at ATMs.

US-Cert added that the variants of the Backoff malware had gone largely undetected by security firms.

Payment Solutions for Maximum Performance

Around the world every day, Insignia Payment Solutions makes payment transactions secure, fast and easy for merchants, financial institutions and their customers. We leverage our paralleled product portfolio and expertise to deliver processing solutions that drive customer revenue and profitability. Whether the payment is by debit or credit, gift card, check or mobile phone, online or at the point of sale, Insignia Payment Solutions helps you maximize value for your business.

Share: