The number of computers in North America infected by the Backoff malware, which is blamed for a string of payment card breaches, has risen sharply, according to research from network security company Damballa.The company detected a 57 percent increase between August and September in devices infected with Backoff, which scrapes a computer’s RAM for leftover credit card data after a payment card has been swiped, said Brian Foster, Damballa’s CTO.Damballa based its finding on data it collects from its ISP and enterprise customers, who use its traffic analysis products to detect malicious activity.Damballa sees about 55 percent of internet traffic from North America, including DNS requests, though for privacy reasons it doesn’t know the IP addresses of most of those computers, Foster said. The company runs a Hadoop cluster at its Atlanta headquarters, where it analyzes the DNS requests and classifies them as good or potentially malicious by looking at the servers being contacted.“We actually attribute the behaviors we see — as well as the domain names and IP addresses that malware is looking up — to threat actors and threat groups,” Foster said. “We track a set of domain characteristics and domain names that are related to Backoff, and it’s looking at the volume of those lookups that shows us the increase.”The retail industry is struggling to contain attacks targeting payment card data, and RAM-scraping malware has hit big-name companies like Home Depot, Target and Dairy Queen. The Department of Homeland Security warned in August that as many as 1,000 enterprise and small-business networks may be infected with Backoff and not know it.Damballa has greater visibility into the networks of companies that use its services, Foster said, enabling it to warn those that may be infected. For ISPs that use its services, Damballa can alert them that their customers may have been infected and leave it to the IPSs to pass along the message.ISPs have become more active about notifying customers, he said. That’s been spurred by a desire to avoid government regulation, especially among the larger ISPs, he said. They also want to ensure the performance of their networks, since they increasingly offer high-bandwidth entertainment services.“They see security as an enabler for a lot of their other business practices,” Foster said.Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe