The security breach that recently hit US retailer Target during the peak Thanksgiving and pre-Christmas sales period appears to have been part of a broader and highly sophisticated scam that potentially affected many other retailers, according to a report published by a global cyber intelligence firm that works with the US Secret Service and the Department of Homeland Security.
The report has been made public by iSight Partners of Dallas and provides insight into the Target attack, which affected 40m credit and debit card accounts and led to the theft of personal information, including email addresses and names, of up to 70m customers.
According to the report, a malicious programme vacuuming personal data from terminals at store check-out stations was ‘almost certainly derived’ from BlackPOS, a crude but effective piece of software that contained malware scripts with Russian origins.
“The use of malware to compromise payment information storage systems is not new,” the report’s authors state. “However, it is the first time we have seen this attack at this scale and sophistication.” The malicious software codes were first noticed by iSight on the black market last June.
Criminals bought the original malware on the black market and then created their own attack method to target retailers’ terminals at store checkout stations, iSight Partners’ chief executive (CEO) John Watters said. “It’s less about the malware, but more about the sophistication of the attacks,” he said in an interview.
The report states that, as this kind of software can ‘cover its own tracks’, it’s not possible to determine the scale, scope and reach of the breach without detailed forensic analysis. “Organisations may not know they are infected,” the authors write. “Once infected, they may not be able to determine how much data has been lost.”
Last week the upmarket US fashion chain Neiman Marcus said thieves stole some of its customers’ payment information and made unauthorised charges over the holidays. At the time, it said that it was working with the Secret Service on the breach.
The iSight report does not specify the names of affected retailers and the intelligence firm declined to discuss whether the malicious software specifically affected Target, Neiman Marcus and other retailers. However, the report offers the latest evidence that the attacks on Target and Neiman Marcus are related and that other retailers may have been victims of a broader data scheme.