Latest News: Technology |  Celebrity |  Movies |  Apple |  Cars |  Business |  Sports |  TV Shows |  Geek


Filed under: News


BlackPOS Malware Used In Target Attack On +70 Million Customers Retails For $1,800

Jan 15 2014, 11:11pm CST | by

BlackPOS Malware Used In Target Attack On +70 Million Customers Retails For $1,800

Photo Credit: Forbes

The massive data breach at Target during the 2013 holiday shopping season which the retailer now admits affected from 70 to 110 million customers used an inexpensive “off the shelf” malware available online for as little as $1,800 reports title="krebs on security on target malware attack">Krebs on Security. This malware, known as BlackPOS is likely of Russian origin and may have also been involved in the Neiman Marcus attack—and others allegedly known but not confirmed.

The malware was surreptitiously installed on the embedded Windows OS computers on the point of sale (POS) terminals in all of Target’s U.S. stores. The company’s Canadian outlets apparently use a different software system and were not targeted in the attacks. Although the magnetic stripe information is encrypted on its way out of these POS terminals on its way to the financial institutions for verification, the data is briefly stored in plain text in the unit’s RAM (memory.) Thus, the malware “scrapes” this info from the RAM and stores it until it can be retrieved in batches through a persistent remote connection.

The real weakness, though, is not in the POS terminals but in Target’s central data network. The crooks apparently had an open channel to every POS terminal in every Target store for over two weeks! The price of the malware itself indicates that it’s not rocket science, but neither, I guess, is cracking the whole network.

The POS terminals themselves can be replaced with newer models that encrypt end to end. This will be expensive, but nothing, obviously, compared to the hit that Target has taken thus far. It is surprising that its overall network is so open. The same things that make for convenient remote administration also create huge security holes. WiFi networks have been implcated in previous larger retail breaches, but Target has not specified the vector of the attack. All that Target CEO Gregg Steinhafel was willing to tell CNBC in an interview on Saturday was that, ”We don’t know the full extent of what transpired, but what we do know is that there was malware installed on our point-of-sale registers. That much we’ve established.’”

According to Reuters, “smaller breaches on at least three other well-known U.S. retailers took place and were conducted using similar techniques as the one on Target.” Brian Krebs of Krebs on Security says he is not ready to confirm this but assures that “when and if I have information about related breaches I feel confident enough about to publish, you will read about it here first.” I’ll be looking for that any day now…

– – – – – – – – – – – – – – – – – – – –

To keep up with Quantum of Content, please subscribe to my updates on Facebook, follow me on Twitter and or add me on Google+.

Source: Forbes

You Might Also Like


Shopping Deals


<a href="/latest_stories/all/all/31" rel="author">Forbes</a>
Forbes is among the most trusted resources for the world's business and investment leaders, providing them the uncompromising commentary, concise analysis, relevant tools and real-time reporting they need to succeed at work, profit from investing and have fun with the rewards of winning.




blog comments powered by Disqus

Latest stories

Rare Discount On The 2013 Razer DeathAdder Mouse
Rare Discount On The 2013 Razer DeathAdder Mouse
Best Buy pulled out Black Friday pricing on one of the most popular FPS gaming mice. Only valid for 24 hours!
Kendall Jenner and the Complicated Life she leads
Kendall Jenner leads a Complicated Life
Kendall Jenner, and the complicated life she leads with friends, fans and family, prove one thing. And that is that she knows how to hang in there amidst the media hype and mass publicity.
Joe Frazier Statue is Ready for Public Display
Joe Frazier Statue is Ready for Public Display
A statue of the boxer, Joe Frazier has been finalized and is almost ready for public display in Philadelphia. Hopefully, it will get unveiled by the time 2015 arrives.
Apple explains why apps get rejected from the App Store
Apple explains why apps get rejected from the App Store
Apple explains its side of the story on a new webpage called “Common App Rejections.”

About the Geek Mind

The “geek mind” is concerned with more than just the latest iPhone rumors, or which company will win the gaming console wars. I4U is concerned with more than just the latest photo shoot or other celebrity gossip.

The “geek mind” is concerned with life, in all its different forms and facets. The geek mind wants to know about societal and financial issues, both abroad and at home. If a Fortune 500 decides to raise their minimum wage, or any high priority news, the geek mind wants to know. The geek mind wants to know the top teams in the National Football League, or who’s likely to win the NBA Finals this coming year. The geek mind wants to know who the hottest new models are, or whether the newest blockbuster movie is worth seeing. The geek mind wants to know. The geek mind wants—needs—knowledge.

Read more about The Geek Mind.