Backoff

By CagedTech in Malware

Threat Scorecard

Ranking: 10,262
Threat Level: 10 % (Normal)
Infected Computers: 1,436
First Seen: November 14, 2014
Last Seen: September 19, 2023
OS(es) Affected: Windows

Backoff is a malware family that targets PoS (Point-of-Sale) systems, the computers retailers use to process card payments. It is built to collect credit card data and similar information directly from the PoS system at the moment a card is used in a transaction. Security analysts have observed Backoff and its variants in several high-profile attacks on well-known businesses and retail chains in the United States, and they recommend that all businesses take steps to protect their PoS systems from threats like Backoff, both to protect their customers' privacy and to protect their own data. Attackers deploying Backoff typically take over a business's administrative accounts from a remote location, which then lets them install the malware and collect customers' payment data.

How PoS Attacks like Backoff Work

Over the past year, law enforcement agencies have carried out operations in response to attacks on numerous American businesses involving Backoff. Several PoS system vendors have confirmed that their clients have been affected by Backoff attacks. Law enforcement officials currently estimate that more than one thousand businesses in the United States alone have been affected by Backoff.

Unfortunately, Backoff attacks have been carried out using tools that are publicly available, which makes the threat all the more serious. Publicly available scanners can locate businesses that expose remote desktop software on their PoS systems; examples of such software include Microsoft Remote Desktop, Chrome Remote Desktop, Splashtop, Apple Remote Desktop and LogMeIn. The convenience of remote desktop access is a key reason businesses rely on it, but once attackers find an exposed remote desktop service they attempt to brute force its login. This step is the crucial one, and it is the stage at which businesses can protect their PoS systems: every account that can log in remotely must use a strong password that withstands brute force attacks, and an account lockout policy together with restricting which addresses can reach the remote desktop service makes the guessing far less likely to succeed. Once attackers obtain the administrator account or another privileged account, they install the PoS malware and begin collecting data from the compromised computer. If you have reason to believe that your machines have been compromised by this kind of threat, security analysts strongly advise contacting law enforcement for help in dealing with the intrusion and minimizing the impact on your customers.
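The password-guessing stage described above leaves a clear trace on the targeted Windows host: a burst of failed logons (event 4625) with Logon Type 10 (an RDP session) from one source address, and then a successful logon (event 4624) from the same address. The following Python script is an added example, not code from the original page; it runs the detection over a constructed, flattened rendering of those Security-log fields (real events would come from the Security channel or a SIEM, and the field names here are the example's own) and flags both the burst and the success that follows it.

```python
"""Flag RDP password guessing against a Windows PoS host from its Security log.

Added example, not code from the original page. The log lines below are
constructed and flatten the fields of the real Windows events that matter:
4625 (failed logon), 4624 (successful logon) and Logon Type 10
(RemoteInteractive, i.e. an RDP session). A real deployment would read the
Security channel (Get-WinEvent / a SIEM export) rather than a string.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: one source guesses several accounts in quick succession
# and then logs in; a second source has a single mistyped password.
SAMPLE_LOG = """\
2014-08-01T10:00:01 EventID=4625 LogonType=10 Account=Administrator Source=203.0.113.5
2014-08-01T10:00:02 EventID=4625 LogonType=10 Account=Administrator Source=203.0.113.5
2014-08-01T10:00:02 EventID=4625 LogonType=10 Account=admin Source=203.0.113.5
2014-08-01T10:00:03 EventID=4625 LogonType=10 Account=pos Source=203.0.113.5
2014-08-01T10:00:04 EventID=4625 LogonType=10 Account=Administrator Source=203.0.113.5
2014-08-01T10:00:05 EventID=4625 LogonType=10 Account=Administrator Source=203.0.113.5
2014-08-01T10:00:06 EventID=4624 LogonType=10 Account=Administrator Source=203.0.113.5
2014-08-01T10:05:00 EventID=4625 LogonType=10 Account=clerk Source=198.51.100.7
2014-08-01T10:06:00 EventID=4624 LogonType=10 Account=clerk Source=198.51.100.7
2014-08-01T11:00:00 EventID=4624 LogonType=2 Account=clerk Source=127.0.0.1
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
    r"Account=(?P<acct>\S+) Source=(?P<src>\S+)$"
)


def parse_events(log_text):
    """Turn the flattened log into dicts; lines not matching the format are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({
                "ts": datetime.fromisoformat(m["ts"]),
                "eid": int(m["eid"]),
                "logon_type": int(m["lt"]),
                "account": m["acct"],
                "source": m["src"],
            })
    return events


def detect_rdp_bruteforce(log_text, threshold=5, window=timedelta(minutes=1)):
    """Return alerts in log order.

    'rdp_bruteforce': a source produced >= threshold failed RDP logons inside
    a sliding `window` (checked on every failure).
    'rdp_bruteforce_success': a successful RDP logon from a source that was
    already flagged, i.e. the guessing most likely worked.
    """
    recent_failures = defaultdict(deque)   # source -> failure timestamps in window
    flagged = set()                        # sources already alerted on
    alerts = []
    for ev in parse_events(log_text):
        if ev["logon_type"] != 10:
            continue                       # console/service logons are out of scope
        src = ev["source"]
        if ev["eid"] == 4625:
            q = recent_failures[src]
            q.append(ev["ts"])
            while q and ev["ts"] - q[0] > window:
                q.popleft()                # drop failures older than the window
            if len(q) >= threshold and src not in flagged:
                flagged.add(src)
                alerts.append({"kind": "rdp_bruteforce", "source": src,
                               "account": None, "failures": len(q)})
        elif ev["eid"] == 4624 and src in flagged:
            alerts.append({"kind": "rdp_bruteforce_success", "source": src,
                           "account": ev["account"], "failures": None})
    return alerts


if __name__ == "__main__":
    for alert in detect_rdp_bruteforce(SAMPLE_LOG):
        print(alert)
```

On the sample, 203.0.113.5 trips the threshold on its fifth failure and the later 4624 from the same address is reported as a probable successful compromise, which is the event that should page someone; 198.51.100.7's single failure followed by a success is ordinary user behaviour and produces nothing. The threshold and window are deliberately low because a PoS host should see almost no interactive remote logons at all.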

Understanding Backoff Itself

Backoff is a large family of PoS malware that emerged fairly recently. Security analysts have tied Backoff to at least three high-profile attacks. Known variants carry the names goo, MAY, LAST, net, and ROM. Backoff variants are currently active in the wild and were observed as early as October 2013. Backoff and its variants have four main functions:

  1. Scraping the infected computer's memory for payment card track data.
  2. Logging keystrokes on the infected computer.
  3. Communicating with a Command and Control (C&C) server.
  4. Injecting a malicious stub into the explorer.exe process.

The last function is what lets Backoff persist: the stub injected into explorer.exe restarts the malware if its process is stopped or crashes, and Backoff also survives a reboot of the infected computer. The first two functions are how Backoff collects data, by searching the computer's memory for card data and by recording what is typed on the machine. The third function lets Backoff receive updates and relay the collected data to a remote location. All owners of PoS systems should take special care to protect their computers from attacks such as Backoff. Essential measures include strong passwords, hardware-based encryption of card data at the reader so that it never sits in cleartext in the PoS computer's memory, and training operators to recognize social engineering. It is also important to run anti-malware software that is fully up-to-date, and to maintain layered, redundant security controls that are checked regularly.
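The memory-scraping function works because track data read from a card's magnetic stripe has a fixed, recognisable shape, and a PoS process that handles it in cleartext holds that shape in its memory. The Python scanner below is an added example, not code from the original page or from Backoff itself: it runs the same search over a process memory dump, but as a defender's check on whether a PoS application exposes card data in memory (which is exactly what the hardware-based encryption recommended above prevents). The heap fragment it scans is constructed, and the card numbers in it are the common test PANs 4111111111111111 and 5555555555554444.

```python
"""Scan a process memory dump for cleartext magnetic-stripe track data.

Added example, not code from the original page or from Backoff. It performs
the search a RAM scraper performs, but as a defender's check: run it over a
dump of your PoS application to learn whether card data sits in its memory in
the clear. The dump below is constructed; the PANs are the common test
numbers 4111111111111111 and 5555555555554444.
"""
import re

# Track 1: %B<PAN>^<NAME>^<YYMM><service code>...
# Track 2: ;<PAN>=<YYMM><service code>...
TRACK1_RE = re.compile(rb"%B(\d{13,19})\^([^^]{2,26})\^(\d{4})(\d{3})")
TRACK2_RE = re.compile(rb";?(\d{13,19})=(\d{4})(\d{3})")

# Constructed heap fragment: one Track 2 record, one Track 1 record and a
# decoy that looks like Track 2 but fails the Luhn check.
SAMPLE_DUMP = (
    b"POSApp.exe heap fragment (constructed)\x00\x00"
    b"txn=88213 amt=42.17 ;5555555555554444=2512101123456789?\x00"
    b"\x00\x00%B4111111111111111^DOE/JOHN^2512101000000000000?\x00"
    b"order_ref=4111111111111112=2512101 (decoy: fails Luhn)\x00"
)


def luhn_ok(pan):
    """Luhn check digit test; real card numbers pass it, most random digit runs do not."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan):
    """Keep the first six and last four digits so a finding can be reported without re-exposing the PAN."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_for_track_data(buf):
    """Return every Track 1/Track 2 candidate in `buf`, in offset order, with its Luhn result."""
    hits = []
    for m in TRACK1_RE.finditer(buf):
        pan = m.group(1).decode("ascii")
        hits.append({"track": 1, "offset": m.start(), "pan_masked": mask_pan(pan),
                     "expiry": m.group(3).decode("ascii"), "luhn_ok": luhn_ok(pan)})
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1).decode("ascii")
        hits.append({"track": 2, "offset": m.start(), "pan_masked": mask_pan(pan),
                     "expiry": m.group(2).decode("ascii"), "luhn_ok": luhn_ok(pan)})
    hits.sort(key=lambda h: h["offset"])
    return hits


def confirmed_hits(buf):
    """Only candidates whose PAN passes Luhn: the ones worth escalating."""
    return [h for h in scan_for_track_data(buf) if h["luhn_ok"]]


if __name__ == "__main__":
    for hit in scan_for_track_data(SAMPLE_DUMP):
        print(hit)
```

Two practical points carry over to real dumps: Windows applications frequently hold strings as UTF-16, so a thorough scan also runs the same patterns over the dump decoded as UTF-16LE; and the masked-PAN output is deliberate, since a memory-scan report that contains full card numbers is itself a data-exposure incident. The same regular expressions, with the Luhn filter, are what a YARA or DLP rule for track data boils down to.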

URLs

Backoff may call the following URLs:

https://feed.hdsportsearch.com/?q=
https://feed.hdsportsearchs.com/?q=
