TIME Retail

600 Retailers Ensnared in Major New Malware Attack, Cybersecurity Firm Says

Hacker
Getty Images

The Department of Homeland Security is investigating the widespread use of "Backoff" malicious software, which steals data through remote access applications

The number of businesses ensnared in a new malware attack revealed in a Department of Homeland Security report this week may run to six hundred, according to a cybersecurity firm that helped DHS prepare the report.

Hackers are using point-of-sale (PoS) malware to steal consumer payment data, including credit and debit card information, from businesses that use remote desktop applications, according to the DHS report out Thursday. The department is now investigating the breaches.

But cybersecurity company Trustwave says at least six hundred businesses across the country have had the malicious software, dubbed “Backoff,” installed on their networks since Oct. 2013, allowing hackers to steal data. The DHS declined to comment to TIME on the scope of the attack.

Many of the 600 are small independent brick-and-mortar shops, said Karl Sigler, threat intelligence manager at Trustwave, but large national chains have been caught up as well. A DHS official who spoke on the condition of anonymity said that large chains were specifically vulnerable when acquiring a smaller business that could have weaker security protections.

The hackers target businesses that use remote desktop applications, according to the DHS, of the same kind used by technical support to access a computer from an off-site location. Once they find businesses with basic I.T. security or weak passwords, they can gain the same remote access to systems that technical assistance might have and easily install the malware.

“Backoff” then scrapes memory from the victims’ machines, searches for track data and logs keystrokes to reap sensitive data such as credit card information. “Once the malware sees a credit card system in memory, or typed in, it grabs that credit card information, then encrypts it and ships it out to another system under criminals’ control,” Sigler explained.

The DHS first outlined how the hackers gained access to point-of-sale systems to install “Backoff” in its Thursday report. “Recent investigations revealed that malicious actors are using publicly available tools to locate businesses that use remote desktop applications,” it said, citing Microsoft’s Remote Desktop, Apple Remote Desktop, Chrome Remote Desktop, Splashtop 2, Pulseway, and LogMEin Join.Me as commonly used remote desktop solutions.

Many more victims are likely to be discovered in the coming months, Sigler added. “A lot of smaller businesses were affected but there were very large chains that were affected as well. But they’re names anyone in the states would recognize,” Sigler said. “This is just the tip of the iceberg, but only time will tell how far this reaches.”

All the businesses that have so far been identified as targets of the breach are aware of the attack, Trustwave said.

The Secret Service is investigating the hackers behind the attacks on retailers and Sigler said the Department of Justice would likely prosecute the hackers responsible. The Department of Justice did not return requests for comment, while the Secret Service said it could not comment on how many businesses were affected.

The release of the report will likely spur anti-virus vendors to code defenses against existing variants of “Backoff,” the DHS said in its report. Businesses should create complex passwords for their remote desktop access in order to make their systems harder to break into.

TIME Apple

Beats Now Part of the Apple ‘Family’

Tech giant confirms close of deal to buy headphone maker amid reports of possible layoffs

Apple has officially closed a deal to acquire headphone maker and music-streaming service Beats, the company announced Friday.

“Today we are excited to officially welcome Beats Music and Beats Electronics to the Apple family,” Apple said in a statement. “Music has always held a special place in our hearts, and we’re thrilled to join forces with a group of people who love it as much as we do.”

News emerged in May that Apple had struck a $3 billion deal to acquire Beats, a company co-founded in 2008 by Dr. Dre and Jimmy Iovine. Friday’s announcement makes Apple’s biggest-ever acquisition official.

Beats’ core business is production of high-end audio equipment but it also has a music-streaming service that Apple may leverage as it continues to edge in on the evolving music industry.

News of the sealed deal comes on the heels of reports that Apple plans to cut from Beats’ payroll around 200 positions that overlap with roles already filled at Apple, 9to5mac reports. Beats currently has about 700 employees.

Apple told the site it had offered jobs to all Beats employees, but conceded that some of them were for a “limited period” only. “We’ll work hard during this time to find as many of these Beats employees as we can another permanent job within Apple,” the company said.

TIME Banking

How Big Banks Are Finally Getting It Right

It was known as the $39 cup of coffee: Swipe your debit card to pay for your latte and drop your bank account balance into the red, triggering an overdraft fee in the process. Now, that exercise in frustration might finally be getting a rest: New data shows that more Americans will be able to dodge that $35 bullet, especially if they have an account at a big bank.

Overdraft fees were the bane of customers’ existence, but are a revenue lifeline for banks and credit unions, especially after regulatory credit card crackdowns limited how much they could earn from those. They earned around $32 billion last year off our careless swiping — and that was three years after federal reforms that prohibited financial institutions from automatically subjecting people to the fees kicked in — so these fees seemed destined to stick around, no matter how much we hated them.

New research from financial research company Moebs $ervices finds that something interesting is happening, though: Overdraft fees are there, but increasingly, banks and credit unions are waiving them if the customer just drops into the red by a small amount — say a cup or two of coffee.

We seem to be at a tipping point: Just over half of financial institutions with more than $50 billion in assets waive overdraft fees for small-dollar transactions, with an average cutoff amount of a little over five bucks.

Across all financial institutions, Moebs finds that just over one in four have a small-dollar overdraft waiver in place, with an average cutoff amount of $7.40, although cutoffs range from a single dollar all the way up to $50.

Smaller banks and credit unions are least likely to extend these waivers for low-amount overdrafts: Only about 15% of institutions with $100 million or less in assets offer them, and just under 11% of credit unions.

CEO and economist of Moebs $ervices Mike Moebs says that although smaller institutions might not have these policies on paper, it’s likely that they might extend waivers when customers call and ask.

Aside from the threat of further regulation, Moebs says bank technology has improved so institutions can get more detailed with their parameters. He says consumers have been demanding more customer-friendly features (and regulators have been listening to their complaints).

The dearth of paper checks helps, too, he says. “[The] lack of float due to only about 10% of payment system is paper checks is another factor.” With money moving from one place to another pretty much in real time, it’s easier for banks to be a little more flexible.

There are some distinct regional differences in Moebs’ data. Kentucky and New Hampshire residents have better than a 50% shot of getting their small-dollar overdrafts waived, versus fewer than a 20% chance in Florida, Maryland, Nevada and Wisconsin. There’s a similar split among metro areas, ranging from zero in Denver to 44% in San Antonio. (The overall averages are higher because banks in rural areas are more likely to offer waivers than those in urban or suburban settings.)

Here, Moebs says local competition is a contributing factor. If one bank offers a waiver, especially one with a higher amount, its competitors will feel pressure to follow suit.

TIME Companies

So Long, Shamu: Southwest, SeaWorld End Ties

Southwest Airlines debuts Penguin One in celebration of 25 years
Southwest Airlines debuts its newest specialty plane, Penguin One, in celebration of 25 years of partnership with SeaWorld on June 20, 2013 Stephen M. Keller—Southwest Airlines/AP

The decision comes amid animal-rights backlash, but the two companies insist the break is "mutual"

Southwest Airlines and SeaWorld Parks & Entertainment will be ending their 26-year relationship, a decision that comes a year after a documentary film raised questions about the theme-park chain’s treatment of whales.

In a joint statement released on Thursday, the two sides described the decision to end their decades-long co-marketing scheme as “mutual.”

“The companies decided not to renew the contract based on shifting priorities,” read the statement, explaining that the airliner would focus on expanding into international service while SeaWorld is eyeing new opportunities to grow in Asian and Latin American markets.

The press release made no mention of the pressure both companies have faced since the release of the film Blackfish last year. The documentary focuses on the alleged mistreatment of SeaWorld orcas and the violent deaths of several trainers working with the animals.

A petition posted on Change.org calling on Southwest to terminate its relationship with the Florida-based amusement-park chain garnered 30,000 signatures. Attendance at SeaWorld parks dropped 4.1% in the last year, according to the Los Angeles Times.

The three Southwest aircraft painted to promote the amusement parks will return to the company’s traditional livery by year’s end.

TIME Tech

eBay’s Surprising Diversity Figures

The eBay headquarters seen in San Jose, Calif., in 2011.
The eBay headquarters seen in San Jose, Calif., in 2011 David Paul Morris—Bloomberg/Getty Images

The online-auction site employs more women than its Silicon Valley peers. But men still dominate in technical and leadership positions

The tech industry is notoriously dominated by white and Asian men. But eBay’s first diversity report shows that it employs more women, blacks and Hispanics than its peers.

Forty-two percent of eBay’s staff of 33,000 workers is female, beating out LinkedIn’s 39%, Yahoo’s 37%, Facebook’s 31%, Twitter’s 30% and Google’s 30%.

eBay also reported that 7% of its U.S. employees are black and 5% are Hispanic.

But even though eBay as a whole may be more diverse than many other tech companies — it also had a female CEO, Meg Whitman, from 1998 through 2008 — there is still a huge gender gap in terms of tech jobs and leadership roles: only 24% of eBay’s tech workers are women.

And even though eBay says it has doubled the number of women promoted to leadership positions in the past three years, just 28% of those in leadership at eBay are women. (For comparison, 17% of Google’s engineers are women, and 21% of leaders are women.)

The same holds true for race. Of those working tech jobs, only 2% are black, 2% are Hispanic and 1% are multiracial. Meanwhile, 40% of those holding tech jobs are white, and 55% are Asian.

Similarly, only 5% of those in leadership positions are black, Hispanic or multiracial. A whopping 72% of the company’s leaders are white, and only 23% are Asian.

TIME facebook

Facebook’s New App Gives Free Internet Access in Developing World

So far, the app is only available in Zambia.

+ READ ARTICLE

Facebook is taking another big step toward fulfilling its vision of bringing the Internet to the entire world.

 

On Thursday, the company launched its first app for Internet.org, a partnership among tech giants to beam wireless service to developing markets. The new app, which is debuting first in Zambia to subscribers of local wireless carrier Airtel, will allow users to access a select number of services without racking up data charges. The sites and apps include Facebook, Messenger, Google Search, Wikipedia, a weather service and an app promoting women’s rights.

“By providing free basic services via the app, we hope to bring more people online and help them discover valuable services they might not have otherwise,” Facebook said in a blog post announcing the app.

Facebook seems serious about using Internet.org to spread Internet connectivity. Earlier this year the company unveiled a plan to use drones, satellites and lasers to provide Internet access in remote places. So far, Facebook says it has brought 3 million people online who previously had no Internet access.

There are obvious reasons for the altruism — Facebook’s growth rate is slowing in Western markets, so the company sees developing countries as its biggest opportunity for new users. But the company has to get people in those countries online before it can convince them to join Facebook. Google is implementing a similar strategy through Project Loon, a plan to provide Internet access in remote areas via balloons.

Facebook says it plans to bring the Internet.org app to other parts of the world in the future.

MONEY Savings

How to Thrive in Retirement After Falling Short of Goals

Turns out, many retirees don't need as much in savings as they once thought. They are surprisingly delighted with their downsized life and embrace a flexible budget.

Maybe the experts are wrong. Retirement planners say you will need at least 70% of pre-retirement income to enjoy your golden years. Some target as much as 80% or even 85%. Yet recent retirees with less say they are doing just fine, thank you.

Three years into retirement, the average replacement income of people with an IRA or 401(k) plan is just 66% of final pay, mutual fund company T. Rowe Price found. Yet more than half say they are living as well or better than when they were working, and 89% say they are somewhat or very satisfied with retirement so far.

Such findings belie our widely accepted retirement savings crisis. In aggregate, we are way under saved. The average 50-year-old has put away just $44,000. But clearly a large subset—those with either a 401(k) plan or IRA, or both—are doing pretty well. This is the group that T. Rowe Price surveyed by filtering for those retired less than five years or over 50 and still working.

This particular group of savers may want to let up on the handwringing. As recent research by EBRI and ICI show, consistent 401(k) investors (those who held accounts between 2007 and 2012) had balances 67% higher than overall plan participants, reaching an average $107,000.

For years a small band of economists led by Lawrence Kotlikoff, the Boston University economics professor, have been making the case that many people are over saving. Kotlikoff argues that the financial services industry is essentially scaring people into over saving in order to collect fees. The fright factor is evident in the T. Rowe Price survey, where those still at work expressed far more anxiety than those who have reached retirement and found it to be less financially challenging than they may have been led to believe.

Half of workers believe they will have to reduce their standard of living in retirement, compared to just 35% of recent retirees who think that way. More workers also believe they will run out of money (22% vs. 14%), and workers are much less likely to believe they will be able to afford health care (49% vs. 70%), the survey shows.

Recent retirees in this survey have median assets of $473,000. That includes investable assets plus home equity minus debt. Home equity is a big part of their holdings at $191,000. They have just 52% of investable assets in stocks and asset allocation mutual funds, and are playing it fairly safe with 31% in cash.

How are they managing on pre-retirement income that falls short of most planners’ models? A third are working at something or looking for work, and to augment Social Security and pension income they are drawing down their savings by an average of 4% a year, which is a rate that many planners consider reasonable.

But the real source of new retiree satisfaction may be their genuine appreciation for a downsized life: 85% say they do not need to spend as much in order to be happy and 65% feel relieved to no longer be trying to keep up with the Joneses. In addition, they embrace flexibility with 60% saying they would rather adjust their spending to maintain their portfolio than maintain their spending at the expense of their portfolio. With that attitude, almost any retiree can feel good about their life.

Related links:

 

TIME Companies

Target Announces New CEO To Lead Recovery After Data Breach

Brian Cornell, then president and CEO of Sam's Club, speaks during the Wal-Mart Stores Inc. shareholders' meeting in Fayetteville, Ark., in this June 4, 2010 file photo.
Brian Cornell, then president and CEO of Sam's Club, speaks during the Wal-Mart Stores Inc. shareholders' meeting in Fayetteville, Ark., in this June 4, 2010 file photo. April L. Brown—AP

Brian Cornell will help "bring vision, focus and a wealth of experience to Target’s transformation," the company said Thursday.

Target announced a new CEO Thursday as it looks to rebound from the damage wrought last year by a massive data breach that prompted former CEO Gregg Steinhafel’s resignation.

PepsiCo exec Brian Cornell, the former head of Sam’s Club, will take over at Target, replacing interim CEO John Mulligan, the company said in statement.

Steinhafel stepped down in May, months after an embarrassing data breach affected up to 110 million customers and cut into company profits. When he resigned, Target said Steinhafel had held himself “personally accountable” and “pledged that Target would emerge a better company.”

On Thursday, Target said Cornell, the former CEO of PepsiCO Americas Foods, would help “bring vision, focus and a wealth of experience to Target’s transformation.”

TIME Retail

Target Names Pepsi’s Cornell as Chairman, CEO

(MINNEAPOLIS) — Target has hired Pepsi executive Brian Cornell as its new chairman and CEO as it looks to recover from a huge data breach and troubles in Canada.

Cornell replaces interim CEO John Mulligan, who is chief financial officer for the Minneapolis company. Mulligan stepped into the interim CEO post in May when Target Corp.’s Gregg Steinhafel resigned following a large data breach in the runup to Christmas.

Cornell, 55, most recently served as CEO of PepsiCo Americas Foods. Prior to that, he was CEO and president of Sam’s Club of Wal-Mart International and CEO of Michaels Stores Inc.

PepsiCo Inc. said in a statement Thursday that it expects to announce Cornell’s successor soon.

Cornell is set to become Target’s CEO on Aug. 12.

TIME mergers

Why Big Mergers Are Bad for Consumers

When big companies merge, it’s good for the bankers — but not so good for the rest of us

Rupert Murdoch’s 21st Century Fox wants to take over Time Warner. Comcast wants to buy Time Warner Cable. AT&T and DirecTV may hook up to compete against them. T-Mobile and Sprint are looking to connect, as are any number of other large communications firms, not to mention technology and pharma giants. We are in a new golden age of mergers and acquisitions–M&A activity was up sharply in 2014 and is already at pre-financial-crisis levels. Now bankers are salivating at the billions of dollars in fees such deals generate. The question is, Will the deals be any good for the rest of us?

Since the early 1980s, antitrust regulators like the Department of Justice and the Federal Trade Commission have tried to answer that question by asking another: Will a given merger bring down prices and improve services for consumers? If the answer was even remotely yes, then the merger–no matter how big–was likely to go through. But voices on all sides of the antitrust debate are beginning to question whether that rationale is actually working anymore.

Nobody would argue that the megamergers that have taken place over the past 30 years in pharmaceuticals, for example, have brought down drug prices. Or that the tie-ups between big airlines have made flying more enjoyable. Or that conglomerate banks have made our financial system more robust. “Merging companies always say that they’ll save money and bring down prices,” says Albert Foer, president of the American Antitrust Institute, a think tank devoted to studying competition. “But the reality is that they often end up with monopoly power that allows them to exert incredible pressure in whatever way they like.” That can include squeezing not only customers but also smaller suppliers way down the food chain.

Take the book business, for example. Though publishing is minuscule as a percentage of the economy, it has recently become a focal point in the debate over how our antitrust system works (or doesn’t), mostly because it illustrates the incredible power of one corporation: Amazon. In 2012, the Department of Justice went after tech giant Apple and a group of five major book publishers for collusion, winning a case against them for attempting to fix the prices of e-books. The publishers argued their actions were a response to anticompetitive monopoly pricing by Amazon. Apple is appealing.

Did the verdict serve the public? Many people, including star trial attorney David Boies, say no. Boies, who’s been representing large firms on both sides of the antitrust issue as well as the DOJ over the past several decades, says the verdict is “a failure of common sense and analysis.” Regulators often bring collusion cases, for example, because they are relatively easy to prove. Yet in this case, argues Boies, it led to an outcome in which the entrenched market participant, Amazon, was strengthened, and new participants–Apple and the book publishers–that hoped to create a competing platform in the e-book industry were shot down. “The result is that Amazon gets bigger, and eventually regulators will have to go after them,” says Boies. “We really need a more realistic, commonsense view of antitrust enforcement.” Amazon declined to comment.

The “Bigger Is Better” ethos of the 1980s and 1990s grew not only out of conservative, markets-know-best thinking. It was also fueled by a belief on the left that antitrust enforcement was wasteful and that regulating big companies was preferable to trying to stop them from becoming too big in the first place. Neither side got it right. Big companies aren’t always concerned first about the welfare of their customers–or particularly easy to regulate. The idea of letting companies do whatever they want as long as they can prove that they are decreasing prices may be far too simplistic a logic to serve the public–or even the corporate–good. Amazon shares have tumbled as investors worry about the future of a company that has so successfully compressed prices that it generates as much as $20 billion in revenue a quarter but no profit.

How to fix things? We need a rethink of antitrust logic that takes into consideration a more complex, global landscape in which megamergers have unpredictable ripple effects. We also need a new definition of consumer good that encompasses not only price but choice and the kind of marketplace diversity that encourages innovation and growth. Tech and communications firms today are like the railroads of old: it will take a strong hand to rein them in. That’s a task not for regulators but for Congress and a new Administration. Until then, with corporate coffers full and markets flying high, the big are only likely to get bigger.

Your browser, Internet Explorer 8 or below, is out of date. It has known security flaws and may not display all features of this and other websites.

Learn how to update your browser