The infamous Backoff point-of-sale (PoS) Trojan is still finding hundreds of victims per week, despite work by the security community and law enforcement to take it down, according to researchers from Kaspersky Lab.
Kaspersky Lab researchers Costin Raiu, Roel Schouwenberg and Ryan Naraine reported uncovering the worrying trend in a blog post, after sinkholing two command-and-control (C&C) servers used by Backoff.
"We sinkholed two C&C servers that Backoff samples used to communicate with their masters. These C&C servers are used by certain samples that were compiled from January to March 2014. Over the past few days, we observed over 100 victims in several countries connecting to the sinkhole," read the post.
The US was listed as the worst-affected country, accounting for 69 of 100 infections. Key victims included a global freight shipping and transport logistics company, a payroll association, an Alabama internet service provider (ISP) and a Mexican food chain.
Canada was the second worst-hit nation and suffered 28 infections. The UK was the third worst-hit nation, with Kaspersky detecting two infections.
The identities of the UK victims remain unknown, though Kaspersky confirmed that one is "a UK-based charitable organisation that provides support, advice and information to local voluntary organisations and community groups."
The Backoff Trojan was originally discovered by researchers at Trustwave's SpiderLabs in July and is dangerous enough that it led the US Secret Service, in partnership with the Department of Homeland Security, to issue a separate threat advisory.
The Kaspersky researchers said Backoff's ongoing success is due to US companies' continued use of outdated payment technology, and that they expect attacks targeting PoS systems to keep rising.
"This speaks volumes about the current state of PoS security, and other cyber criminals are sure to have taken note. It's very clear that PoS networks are prime targets for malware attacks. This is especially true in the US, which still doesn't support EMV [Europay, MasterCard and Visa] chip-enabled cards," read the post.
"Unlike magnetic strips, EMV chips on credit cards can't be easily cloned, making them more resilient. Unfortunately, the US is adopting chip and signature, rather than chip and PIN. This effectively negates some of the added security EMV can bring."
Backoff is one of many hack campaigns uncovered this year. Researchers at FireEye uncovered a botnet campaign, codenamed BrutPoS, targeting PoS systems in July. The BrutPoS botnet is believed to have successfully infiltrated at least 57 PoS systems within two weeks of its launch.