A First Look at the Target Intrusion, Malware

[InfoSec News <alerts () infosecnews org>]

http://krebsonsecurity.com/2014/01/a-first-look-at-the-target-intrusion-malware/

By Brian Krebs
Krebs on Security
January 15, 2014

Last weekend, Target finally disclosed at least one cause of the massive 
data breach that exposed personal and financial information on more than 
110 million customers: Malicious software that infected point-of-sale 
systems at Target checkout counters. Today’s post includes new information 
about the malware apparently used in the attack, according to two sources 
with knowledge of the matter.

In an interview with CNBC on Jan. 12, Target CEO Gregg Steinhafel 
confirmed that the attackers stole card data by installing malicious 
software on point-of-sale (POS) devices in the checkout lines at Target 
stores. A report published by Reuters that same day stated that the Target 
breach involved memory-scraping malware.

This type of malicious software uses a technique that parses data stored 
briefly in the memory banks of specific POS devices; in doing so, the 
malware captures the data stored on the card’s magnetic stripe in the 
instant after it has been swiped at the terminal and is still in the 
system’s memory. Armed with this information, thieves can create cloned 
copies of the cards and use them to shop in stores for high-priced 
merchandise. Earlier this month, U.S. Cert issued a detailed analysis of 
several common memory scraping malware variants.

Target hasn’t officially released details about the POS malware involved, 
nor has it said exactly how the bad guys broke into their network. Since 
the breach, however, at least two sources with knowledge of the ongoing 
investigation have independently shared information about the 
point-of-sale malware and some of the methods allegedly used in the 
attack.

[...]

--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/