Latest News: Technology |  Celebrity |  Movies |  Apple |  Cars |  Business |  Sports |  TV Shows |  Geek

Trending

Filed under: News

 

BlackPOS Malware Used In Target Attack On +70 Million Customers Retails For $1,800

1 Updates
BlackPOS Malware Used In Target Attack On +70 Million Customers Retails For $1,800
Photo Credit: Forbes
 
 

Comments

Full Story

BlackPOS Malware Used In Target Attack On +70 Million Customers Retails For $1,800

The massive data breach at Target during the 2013 holiday shopping season which the retailer now admits affected from 70 to 110 million customers used an inexpensive “off the shelf” malware available online for as little as $1,800 reports title="krebs on security on target malware attack">Krebs on Security. This malware, known as BlackPOS is likely of Russian origin and may have also been involved in the Neiman Marcus attack—and others allegedly known but not confirmed.

The malware was surreptitiously installed on the embedded Windows OS computers on the point of sale (POS) terminals in all of Target’s U.S. stores. The company’s Canadian outlets apparently use a different software system and were not targeted in the attacks. Although the magnetic stripe information is encrypted on its way out of these POS terminals on its way to the financial institutions for verification, the data is briefly stored in plain text in the unit’s RAM (memory.) Thus, the malware “scrapes” this info from the RAM and stores it until it can be retrieved in batches through a persistent remote connection.

The real weakness, though, is not in the POS terminals but in Target’s central data network. The crooks apparently had an open channel to every POS terminal in every Target store for over two weeks! The price of the malware itself indicates that it’s not rocket science, but neither, I guess, is cracking the whole network.

The POS terminals themselves can be replaced with newer models that encrypt end to end. This will be expensive, but nothing, obviously, compared to the hit that Target has taken thus far. It is surprising that its overall network is so open. The same things that make for convenient remote administration also create huge security holes. WiFi networks have been implcated in previous larger retail breaches, but Target has not specified the vector of the attack. All that Target CEO Gregg Steinhafel was willing to tell CNBC in an interview on Saturday was that, ”We don’t know the full extent of what transpired, but what we do know is that there was malware installed on our point-of-sale registers. That much we’ve established.’”

According to Reuters, “smaller breaches on at least three other well-known U.S. retailers took place and were conducted using similar techniques as the one on Target.” Brian Krebs of Krebs on Security says he is not ready to confirm this but assures that “when and if I have information about related breaches I feel confident enough about to publish, you will read about it here first.” I’ll be looking for that any day now…

– – – – – – – – – – – – – – – – – – – –

To keep up with Quantum of Content, please subscribe to my updates on Facebook, follow me on Twitter and App.net or add me on Google+.

Source: Forbes

 

iPad Air Giveaway. Win a free iPad Air.

You Might Also Like

Updates


Sponsored Update

Update: 1

Centurion Corp acquires Penang land to develop workers dorm

Source: The Edge Singapore

Centurion Corporation said it has agreed to acquire a piece of land located at Seberang Perai Selatan in Penang, Malaysia, for RM6.3 million ($2.45 million). This marks the group’s first acquisition in another state of Malaysia outside of Johor. Read more... ...
Source: The Edge Singapore   Full article at: The Edge Singapore Aug 12 2014, 9:21am CDT
 


Advertisement


More From the Web

Shopping Deals

 
 
 

<a href="/latest_stories/all/all/31" rel="author">Forbes</a>
Forbes is among the most trusted resources for the world's business and investment leaders, providing them the uncompromising commentary, concise analysis, relevant tools and real-time reporting they need to succeed at work, profit from investing and have fun with the rewards of winning.

 

 

Comments

blog comments powered by Disqus

Latest stories

Idina Menzel did not sing Let It Go in Enchanted
Idina Menzel did not sing Let It Go in Enchanted
Just for the record, Idina Menzel did not sing Let It Go in the film Enchanted.
 
 
Mo’ne Davis is a Source of Inspiration for so many
Mo’ne Davis is a Source of Inspiration for so many
The female baseball player, Mo’ne Davis is a source of inspiration for so many.
 
 
Google Chrome web browser launches in Cuba
Google Chrome web browser launches in Cuba
While Google's Chrome browser could speed up the experience, the real problem in Cuba is its Internet.
 
 
Hayden Panettiere takes on Ice Bucket Challenge while affirming her Pregnancy
Hayden Panettiere takes on Ice Bucket Challenge while affirming her Pregnancy
Hayden Panettiere has taken on the icy challenge of having cold water thrown on top of her while affirming news of her pregnancy.
 
 
 

About the Geek Mind

The “geek mind” is concerned with more than just the latest iPhone rumors, or which company will win the gaming console wars. I4U is concerned with more than just the latest photo shoot or other celebrity gossip.

The “geek mind” is concerned with life, in all its different forms and facets. The geek mind wants to know about societal and financial issues, both abroad and at home. If a Fortune 500 decides to raise their minimum wage, or any high priority news, the geek mind wants to know. The geek mind wants to know the top teams in the National Football League, or who’s likely to win the NBA Finals this coming year. The geek mind wants to know who the hottest new models are, or whether the newest blockbuster movie is worth seeing. The geek mind wants to know. The geek mind wants—needs—knowledge.

Read more about The Geek Mind.