Target Attack Part of Wider Security Breach

security breach that recently hit US retailer Target
during the peak Thanksgiving and pre-Christmas sales period appears to have been part of a broader and highly sophisticated scam that potentially affected many other retailers, according to a report published by a global cyber intelligence firm that works with the US Secret Service and the Department of Homeland Security.

The report has been made public by iSight Partners of Dallas and provides insight into the Target attack, which affected 40m credit and debit card accounts and led to the theft of personal information, including email addresses and names, of up to 70m customers.

According to the report a malicious programme vacuuming personal data from terminals at store check-out stations was ‘almost certainly derived’ from BlackPOS, a crude but effective piece of software that contained malware scripts with Russian origins.

“The use of malware to compromise payment information storage systems is not new,” the report’s authors state. “However, it is the first time we have seen this attack at this scale and sophistication.” The malicious software codes were first noticed by iSight on the black market last June.

Criminals bought the original malware on the black market and then created their own attack method to target retailers’ terminals at store checkout stations, said iSight Partners’ chief executive (CEO) John Watters said. “It’s less about the malware, but more about the sophistication of the attacks,” he said in an interview.

The report states that as this kind of software can ‘cover its own tracks’, it’s not possible to determine the scale, scope and reach of the breach without detailed forensic analysis. ‘Organisations may not know they are infected,” the authors write. “Once infected, they may not be able to determine how much data has been lost.”

Last week the upmarket US fashion chain Neiman Marcus said thieves stole some of its customers’ payment information and made unauthorised charges over the holidays. At the time, it said that was working with the Secret Service on the breach.

The iSight report does not specify the names of affected retailers and the intelligence firm declined to discuss whether the malicious software specifically affected Target, Neiman Marcus and other retailers. However, the report offers the latest evidence that the attacks on Target and Neiman Marcus are related and that other retailers may have been victims of a broader data scheme.


Related reading