BlackPOS Malware Used In Target Attack On +70 Million Customers Retails For $1,800

Posted: Jan 15 2014, 11:11pm CST | by


This story may contain affiliate links.

BlackPOS Malware Used In Target Attack On +70 Million Customers Retails For $1,800
Photo Credit: Forbes

The massive data breach at Target during the 2013 holiday shopping season which the retailer now admits affected from 70 to 110 million customers used an inexpensive “off the shelf” malware available online for as little as $1,800 reports Krebs on Security. This malware, known as BlackPOS is likely of Russian origin and may have also been involved in the Neiman Marcus attack—and others allegedly known but not confirmed.

The malware was surreptitiously installed on the embedded Windows OS computers on the point of sale (POS) terminals in all of Target’s U.S. stores. The company’s Canadian outlets apparently use a different software system and were not targeted in the attacks. Although the magnetic stripe information is encrypted on its way out of these POS terminals on its way to the financial institutions for verification, the data is briefly stored in plain text in the unit’s RAM (memory.) Thus, the malware “scrapes” this info from the RAM and stores it until it can be retrieved in batches through a persistent remote connection.

The real weakness, though, is not in the POS terminals but in Target’s central data network. The crooks apparently had an open channel to every POS terminal in every Target store for over two weeks! The price of the malware itself indicates that it’s not rocket science, but neither, I guess, is cracking the whole network.

The POS terminals themselves can be replaced with newer models that encrypt end to end. This will be expensive, but nothing, obviously, compared to the hit that Target has taken thus far. It is surprising that its overall network is so open. The same things that make for convenient remote administration also create huge security holes. WiFi networks have been implcated in previous larger retail breaches, but Target has not specified the vector of the attack. All that Target CEO Gregg Steinhafel was willing to tell CNBC in an interview on Saturday was that, ”We don’t know the full extent of what transpired, but what we do know is that there was malware installed on our point-of-sale registers. That much we’ve established.’”

According to Reuters, “smaller breaches on at least three other well-known U.S. retailers took place and were conducted using similar techniques as the one on Target.” Brian Krebs of Krebs on Security says he is not ready to confirm this but assures that “when and if I have information about related breaches I feel confident enough about to publish, you will read about it here first.” I’ll be looking for that any day now…

– – – – – – – – – – – – – – – – – – – –

To keep up with Quantum of Content, please subscribe to my updates on Facebook, follow me on Twitter and or add me on Google+.

Source: Forbes

This story may contain affiliate links.


Find rare products online! Get the free Tracker App now.

Download the free Tracker app now to get in-stock alerts on Pomsies, Oculus Go, SNES Classic and more.

Latest News


The Author

Forbes is among the most trusted resources for the world's business and investment leaders, providing them the uncompromising commentary, concise analysis, relevant tools and real-time reporting they need to succeed at work, profit from investing and have fun with the rewards of winning.




comments powered by Disqus