The U.S. Secret Service estimates that more than 1,000 American businesses have been victimized by the type of point-of-sale system malware that recently affected Target and Supervalu.

The Department of Homeland Security on Friday issued an advisory recommending all companies that employ point-of-sale systems monitor their networks for this malware, noting that many businesses are likely affected but don't yet know it.

The malware, known as "Backoff," is used by cyberthieves to steal payment card information from customers of the infected businesses, and has been used in such attacks dating back at least as far as October 2013.

Tim Erlin, a Minneapolis-based IT risk strategist for Portland, Ore., software company TripWire, said the recent rash of data breaches involving American retailers is "more of a series than we've ever seen before."

"One big breach is news, but a list of big breaches is clearly a pattern of some type," Erlin said. "We have some evidence that the same tools have been used in these cases, but that doesn't mean the same burglar perpetrated the crimes."

Since Backoff was first identified last year, the Secret Service has responded to cyberattacks "at numerous businesses throughout the United States" that involved the malware, the DHS advisory said, adding that seven point-of-sale system providers have confirmed that several of their clients have been affected.

In July, the Secret Service and DHS published a joint report on the Backoff malware.


According to the report, most attacks begin with cyberthieves gaining remote access to a targeted company's network through a compromised administrator account. This allows them to deploy the malware and extract customer payment card data.

It was a similar scheme that resulted in the theft of payment card information from 40 million Target customers late last year.

The report said that, at the time it was discovered, the Backoff malware "had low to zero percent" detection rates by available anti-virus software. Friday's DHS advisory indicated this is no longer the case.

"It is catchable, it is preventable, and most importantly, it is entirely possible to shorten the window of time in which the compromise is in place and successful," Erlin said.

Retailers and payment card companies are already working to replace magnetic stripe card systems with the more secure chip-and-PIN technology.

Erlin said the relatively short window of the Supervalu breach indicates businesses are aware of the risks they face and are working to thwart would-be thieves.

"June to July, and they discovered it themselves," Erlin said. "As opposed to what has been the pattern in the past, which is the breaches go on for a long time, and they're discovered because of fraudulent activity -- somebody selling the credit cards."

Nick Woltman can be reached at 651-228-5189. Follow him on Twitter at @nickwoltman. Tom Webb can be reached at 651-228-5428. Follow him on Twitter at twitter.com/TomWebbMN. The Associated Press contributed to this report.