News

Retailers warned on methods used by Target hackers

Retailers warned on methods used by Target hackers

HACK ATTACK: The attack on Target Corp could be the largest such data breach in U.S. history. Photo: Associated Press

By Jim Finkle

BOSTON (Reuters) – The cyber security firm IntelCrawler said on Friday it has uncovered at least six ongoing attacks at merchants across the United States whose credit card processing systems are infected with the same type of malicious software used to steal data from some 40 million credit cards at Target Inc.

Andrew Komarov, the firm’s chief executive, told Reuters that his firm has alerted law enforcement, Visa Inc and intelligence teams at several large banks about the findings.

The report from IntelCrawler is the latest evidence to suggest that disclosures from Target Inc and upscale department store Neiman Marcus about cyber attacks that resulted in the theft of payment cards and other customer data may only be the tip of the iceberg.

Komarov said that retailers in California and New York were among those compromised with BlackPOS, the same malicious software used in the attack on Target. Their names could not immediately be confirmed.

A Visa spokeswoman said she could not immediately comment.

The U.S. government provided merchants with information gleaned from its confidential investigation into the massive data breach at Target Corp, in a move aimed at identifying and thwarting similar attacks that may be ongoing.

The report titled “Indicators for Network Defenders” brings to light some of the first information gleaned from the government’s highly secretive probes into the Target breach and other retail hacks, including details useful for detecting malicious programs that elude anti-virus software.

“It’s a shame this report wasn’t released a month ago,” said Dmitri Alperovitch, chief technology officer of the cybersecurity firm CrowdStrike. “It has been frustrating for some retailers because it has been incredibly difficult for most firms to get information. It has not been forthcoming.”

No. 3 U.S. retailer Target disclosed the theft of some 40 million payment card numbers and the personal data of 70 million customers in a cyber attack that occurred over the holiday shopping season. Neiman Marcus last week said that it too was victim of a cyber attack, and sources have told Reuters that at least three other well-known national retailers have been attacked..

The document noted that an underground market for malicious software to attack point-of-sale, or POS, terminals has flourished in recent years. Three of the most popular titles for the malicious software include BlackPOS, Dexter and vSkimmer.

“We believe there is a strong market for the development of POS malware, and evidence suggests there is a growing demand,” the report, obtained by Reuters, warned.

The Secret Service, which is heading up the investigations into the cyber attacks, has declined to comment on what it has learned or identify victims besides Target and Neiman Marcus.

ARMED WITH INFORMATION

John Watters, chief executive of the security intelligence firm iSIGHT Partners, which helped draft the document released on Thursday, said that the government decided to provide information to retailers so they can determine whether their systems have been compromised by hackers.

“The point of getting the technical artifacts out there is that people can go out there and examine their systems and see if they have been compromised,” said Watters, whose firm has helped the Secret Service in its investigations of retail breaches. “Now they are armed with information and they can go do something about it.”

A Department of Homeland Security official said the report was drafted to provide the industry “with relevant and actionable technical indicators for network defense.”

The document said that an advanced piece of software dubbed the POSRAM Trojan, was used in the recent attacks.

POSRAM is an type of RAM scraper, or memory-parsing software, which enables cyber criminals to grab encrypted data by capturing it when it travels through the live memory of a computer, where it appears in plain text.

While the technology has been around for many years, its use has increased in recent years as retailers have improved their security, making it more difficult for hackers to obtain credit card data using other approaches.

POSRAM succeeded in evading detection by anti-virus software when it infected the Windows-based point-of-sales terminals, according to the report.

“This report was generated so that we could get it into the hands of commercial entities so that they had information they needed to protect themselves,” iSIGHT Partners Senior Vice President Tiffany Jones told Reuters.

The document was prepared by the Department of Homeland Security’s National Cybersecurity and Communications Integration Center, the U.S. Secret Service, iSIGHT Partners and the Financial Sector Information Sharing and Analysis Center, an industry security group.

Alperovitch of CrowdStrike said that the report contained fewer technical details than an article published on Wednesday by security blogger Brian Krebs.

(Reporting by Jim Finkle; Editing Richard Valdmanis, Bernard Orr)

Recent Headlines

in Entertainment

Tracy Morgan settles suit with Walmart over fatal crash

tracymorgan

The "SNL" star sued the retail giant over a semi crash that killed one man and left Morgan and two friends seriously injured.

in Sports

French Open: Sharapova and Federer advance while Halep exits

Fresh
Russia's Maria Sharapova returns the ball to compatriot Vitalia Diatchenko during their second round match of the French Open tennis tournament at the Roland Garros stadium, Wednesday, May 27, 2015 in Paris. Sharapova won 6-3, 6-1.

Simona Halep became the highest seeded player to exit the French Open so far while the two second-seeds Roger Federer and Maria Sharapova advanced.

in Sports

Ex-FIFA vice president Warner arrested, freed on $2.5M bail

Fresh
FILE - In this Thursday, June 2, 2011 file photo, suspended FIFA executive Jack Warner gestures during a news conference held shortly after his arrival at the airport in Port-of-Spain, in his native Trinidad and Tobago. Organizers of the 2022 World Cup in Qatar have distanced themselves from fresh allegations of corruption surrounding the Gulf nation's winning bid for the tournament in 2010. The Tuesday March 18, 2014 edition of British newspaper The Daily Telegraph alleges it has evidence that former FIFA vice president Jack Warner and his family were paid almost $2 million from a company controlled by Mohamed Bin Hammam, a Qatari who used to be an executive committee member of world football's governing body.

Former FIFA vice president Jack Warner turned himself in to Trinidad police shortly after they issued an arrest warrant at the request of U.S. authorities.

in Entertainment

LiLo is (finally) finishing her community service

lindsaylohan

The "Mean Girls" star had to log 125 hours before May 28 after a judge rejected her previous effort.

in Local Sports

Nelson Cruz hits a 3-run blast in the 9th as the M’s down the Rays

Seattle Mariners' Nelson Cruz follows the flight of his three-run home run off Tampa Bay Rays relief pitcher Brad Boxberger during the ninth inning of a baseball game Wednesday, May 27, 2015, in St. Petersburg, Fla. Mariners' Chris Taylor, and Robinson Cano also scored on the hit. The Mariners won the game 3-0.

Felix Hernandez pitched a four-hitter to become the major's first eight-game winner and the M's complete a 3 game series sweep of the Rays.