By Andrew Serwin and Ron Plesco.
There is a new piece of malware that has come to the attention of the Department of Homeland Security, and companies should be aware of this, as it is apparently not readily detectable by anti-virus software. DHS recently released an alert regarding a new piece of malware, known as “Backoff”, which apparently compromises Point-of-Sale systems. According to DHS, the malware has the capability to:
- Scrape memory for track data;
- Log key strokes;
- Command and control (C2) communication; and
- Inject malicious stub into explorer.exe.
This malware, according to DHS can expose individual’s information, including: names; mailing addresses; credit/debit card numbers; phone numbers; and email addresses to cybercriminals.
It is believed by DHS that existing anti-virus programs will soon have the capability to detect this malware, but in any case, DHS listed some indicia of compromise that it believes can be used to detect the malware.
Addressing these issues as a matter of best practice is important, but as shown by research by the Lares Institute, protecting a consumer’s information from identity theft is also important from a trust perspective. According to a recent study by the Lares Institute, identity theft is the number one consumer concern when consumers are asked why they are concerned about their privacy.
From a business perspective, companies must also understand the revenue impact as well. When asked if they had made buying decisions based upon privacy, 39% reported that they had made a buying decision based upon concerns over privacy.
A link to the alert can be found here, and it has more details regarding the malware and how to detect it.