lolloj - Fotolia

Manage Learn to apply best practices and optimize your operations.

How can companies protect against Backoff malware?

After Backoff malware was discovered in over 1,000 businesses, companies should be asking how to prevent it. Expert Mike Chapple answers.

Since the point-of-sale malware Backoff was discovered on so many businesses -- more than 1,000, according to the U.S. government -- the PCI SSC is strongly suggesting security teams take steps to prevent it. What should my company be doing to stop Backoff?

During the summer of 2014, the U.S. Department of Homeland Security issued several warnings to retailers about the Backoff malware, which it estimated had affected over 1,000 businesses in the United States. The rise of Backoff malware comes in the midst of several high-profile security breaches that affected national retailers like Home Depot, Target and others.

If a company operates a retail environment, it is already well-acquainted with PCI DSS. The good news is that, if the organization is currently PCI-compliant, it is probably also protected against Backoff. PCI DSS requires organizations to install antivirus software on "all systems commonly affected by malicious software" and to keep antivirus signatures current.

The major antivirus software vendors have already issued signatures for Backoff and its variants. If a company runs current software, it's reasonable to assume its systems are protected. This is, however, a good opportunity to verify the software is installed and up to date on all systems within the cardholder data environment. It is also a good idea to manually check scan results to ensure all systems are checking in as expected and that there is no sign of Backoff on the company network.

Ask the Expert!
Got a vexing problem for Mike Chapple or any of our other experts? Ask your enterprise-specific questions today! (All questions are anonymous.)

Next Steps

Backoff malware campaign infected over 1,000 businesses according to the U.S. Department of Homeland Security.

Sophos' Chester Wisniewski details point-of-sale security for enterprises.

This was last published in January 2015

Dig Deeper on Malware, virus, Trojan and spyware protection and removal

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

Computer security rarely relies on major undertakings/efforts but usually on simple tasks. Installing and keeping antivirus software up-to-date can adequately protect against most malware software.