Malware in Target stores breach crafted to avoid detection by all antivirus tools
Last weekend, retail giant Target finally disclosed that malicious software that infected point-of-sale systems at Target checkout counters was at least one cause of the data breach that occurred back in December. The massive data breach exposed personal and financial information, including names, mailing addresses, phone numbers and email addresses of more than 110 million customers.
Target has taken considerable heat from critics who say the company waited too long to disclose the breach.
In an interview with CNBC on Jan. 12, Target CEO Gregg Steinhafel confirmed that the attackers stole card data by installing malicious software on point-of-sale (POS) devices in the checkout lines at Target stores.
Earlier this week, Seculert posted an analysis and reported: “First, the malware that infected Target’s checkout counters (PoS) extracted credit numbers and sensitive personal details. Then, after staying undetected for 6 days, the malware started transmitting the stolen data to an external FTP server, using another infected machine within the Target network.”
Thieves then use collected information to create cloned copies of the cards and use them to shop in stores for high-priced merchandise.
As Brian Krebs of Krebs on Security blog reports, he detected a network of underground cybercrime shops that were selling almost exclusively credit and debit card accounts stolen from Target stores. Those underground stores all traced back to a miscreant in Odessa, Ukraine.
Krebs continues: “Incidentally, in malware-writer parlance, the practice of obfuscating malware so that it is no longer detected by commercial antivirus tools is known as making the malware “Fully Un-Detectable,” or “FUD” as most denizens of cybercrime forums call it. This is a somewhat amusing acronym to describe the state of a thing that is often used by security industry marketing people to generate a great deal of real-world FUD, a.k.a. Fear Uncertainty and Doubt.”
These breaches underscore the importance of organizations continuously monitoring their systems for suspicious changes and unknown programs on their systems, as well as providing their employees with security awareness training.
Once the breach happens, it is imperative that a business continuity plan be executed in a timely manner and that the proper communication be established with the public.
Please feel free to contact ABEX and WatSec for more information on how you can effectively manage your cyber risks.
