Following yesterday’s identification by Brian Krebs of the exact malware used in last year’s Target personal data breach, the research lab at Seculert analyzed a sample of the malware and describes the attack as having two distinct stages, a characteristic of what it terms an “advanced threat.” Critically, the malware infected Target’s POS terminals, where it “scraped” card numbers and other personal data from the terminals’ memory undetected for six days before beginning to transmit that data to an external FTP server by way of another compromised computer somewhere on Target’s network.
On December 2, the malware began transmitting payloads of stolen data to an FTP server on what appears to be a hijacked website. These transmissions occurred several times a day over a two-week period. Also on December 2, the criminals behind the attack began using a virtual private server (VPS) located in Russia to download the stolen data from that FTP server. They continued downloading over the following two weeks, for a total of 11 GB of sensitive customer information.
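The two-stage pattern Seculert describes (POS terminals pushing card data to one internal staging host, which then makes repeated plaintext FTP connections to a single external address) is something a network team can hunt for in its own flow logs. The script below is an added example written for this page; it is not Seculert’s or Krebs’s code, and nothing in it comes from Target’s environment. The subnet layout (POS terminals in 10.10.0.0/16, corporate hosts in 10.0.0.0/8), the flow-record format, and every IP address and byte count are constructed for illustration.

```python
"""Detect the two-stage POS exfiltration pattern in constructed flow records.

Added example, not code from the original post or from Seculert/Krebs.
Assumptions (not from the page): POS terminals sit in 10.10.0.0/16, all
internal hosts sit in 10.0.0.0/8, and flow records look like
'<iso-timestamp> <src_ip> <dst_ip> <dst_port> <bytes>'.
"""
from collections import defaultdict
from datetime import datetime
import ipaddress

POS_NET = ipaddress.ip_network("10.10.0.0/16")     # hypothetical POS subnet
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")  # hypothetical corporate range
FTP_PORT = 21

# Constructed sample flows: three POS terminals copy data to 10.20.7.9,
# which then connects out to 203.0.113.45:21 several times a day.
# The last two lines are benign noise that must not trigger an alert.
SAMPLE_FLOWS = """\
2013-12-02T01:10:00 10.10.4.21 10.20.7.9 445 1200000
2013-12-02T01:11:00 10.10.4.22 10.20.7.9 445 980000
2013-12-02T01:12:00 10.10.5.3 10.20.7.9 445 1100000
2013-12-02T02:00:00 10.20.7.9 203.0.113.45 21 3200000
2013-12-02T10:00:00 10.20.7.9 203.0.113.45 21 2900000
2013-12-02T18:00:00 10.20.7.9 203.0.113.45 21 3100000
2013-12-03T02:00:00 10.20.7.9 203.0.113.45 21 2800000
2013-12-02T09:30:00 10.20.3.5 198.51.100.10 443 5000
2013-12-02T09:31:00 10.10.4.21 10.20.1.1 80 400
"""


def is_internal(ip):
    return ipaddress.ip_address(ip) in INTERNAL_NET


def is_pos(ip):
    return ipaddress.ip_address(ip) in POS_NET


def parse_flows(text):
    """Parse '<ts> <src> <dst> <dport> <bytes>' lines; malformed lines are skipped."""
    flows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 5:
            continue
        ts, src, dst, dport, nbytes = parts
        try:
            flows.append({
                "ts": datetime.fromisoformat(ts),
                "src": src,
                "dst": dst,
                "dport": int(dport),
                "bytes": int(nbytes),
            })
        except ValueError:
            continue
    return flows


def find_staging_hosts(flows, min_pos_sources=2):
    """Stage 1: internal, non-POS hosts that receive data from several POS terminals."""
    sources = defaultdict(set)
    for f in flows:
        if is_pos(f["src"]) and is_internal(f["dst"]) and not is_pos(f["dst"]):
            sources[f["dst"]].add(f["src"])
    return {host: srcs for host, srcs in sources.items() if len(srcs) >= min_pos_sources}


def find_ftp_exfil(flows, min_connections=3):
    """Stage 2: repeated FTP connections from one internal host to one external address."""
    stats = {}
    for f in flows:
        if f["dport"] != FTP_PORT or not is_internal(f["src"]) or is_internal(f["dst"]):
            continue
        key = (f["src"], f["dst"])
        s = stats.setdefault(key, {"count": 0, "bytes": 0, "first": f["ts"], "last": f["ts"]})
        s["count"] += 1
        s["bytes"] += f["bytes"]
        s["first"] = min(s["first"], f["ts"])
        s["last"] = max(s["last"], f["ts"])
    return {k: v for k, v in stats.items() if v["count"] >= min_connections}


def detect(text):
    """Alert only where the same host is both a POS collection point and an FTP exfil source."""
    flows = parse_flows(text)
    staging = find_staging_hosts(flows)
    alerts = []
    for (src, dst), s in find_ftp_exfil(flows).items():
        if src in staging:
            alerts.append({
                "staging_host": src,
                "external_ftp": dst,
                "pos_sources": sorted(staging[src]),
                "connections": s["count"],
                "bytes": s["bytes"],
                "window_hours": (s["last"] - s["first"]).total_seconds() / 3600,
            })
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_FLOWS):
        print(alert)
```

Requiring both stages before alerting is what keeps the noise down: an internal host that talks FTP to the outside is common enough, and a file server that receives data from many POS terminals is normal, but one host that does both is worth a look. The thresholds (`min_pos_sources`, `min_connections`) are starting points, not tuned values.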
The security company also concludes that “publicly available access logs indicates that Target was the only retailer affected. So far there is no indication of any relationship to the Neiman Marcus attack.”
It’s good to know that the attacks on the two retailers are not related, I suppose, but more troubling is a report by Forbes staffer Clare O’Connor this morning that the stolen data dates back a decade! This would indicate that, along with scraping data from the magnetic stripes on customers’ cards at checkout, the criminals were also plundering Target’s “backlist” of historical customer records. That a record of the towels O’Connor bought a decade ago at Target is still in active duty on the company’s servers is yet another example of how big-data-obsessed companies are perhaps holding on to too much for too long.
Most important, the breach that O’Connor discovered by actually reading her mail from Target (something many customers skimmed or ignored) points to a much larger security problem than has been publicly disclosed. We haven’t heard the last of this one!