IntelCrawler has identified the author of the malware that infected Target as a Russian teenager. According to the California-based security firm, this 17-year-old is also believed to have created the malware that infected Neiman Marcus.
The teenager is not believed to have launched the actual attacks. However, he sold more than 60 versions of the software to cybercriminals in Eastern Europe and other countries, IntelCrawler explained. “He is still visible for us, but the real bad actors responsible for the past attacks on retailers such as Target and Neiman Marcus were just his customers,” said IntelCrawler president Dan Clements.
IntelCrawler said that the attackers who purchased the software hacked the retailers’ systems either by entering default passwords, or by trying various username/password combinations until they struck gold (a practice known as “brute force password hacking”). In an interview with Computerworld, Clements noted that many retailers never change default passwords on POS terminals, which is a common problem that has been observed by the PCI Security Standards Council.
Additionally, there do not appear to be many restrictions on who can access remote POS servers in numerous retailers, IntelCrawler CEO Andrew Komarov told The Washington Post. This type of easy access could allow hackers to reach back-office servers which contain pools of data from multiple stores.
Komarov first identified the software last year and reported it to Symantec and other security firms. IntelCrawler said it has identified attacks on at least six other US retailers, as well as attempted attacks on retailers in Australia and Canada.
On the second day of this year's AFP conference Trump's potential tax reform, using synthetic debt and the expected benefits of SWIFT GPI were all hotly discussed topics.
Today CGI and GTNews have announced the launch of the fifth annual Transaction Banking survey report, which offers which offers critical insight into the corporate-to-bank relationship.
On-Demand Treasury Management Solutions continue to gain increased adoption in the US and EMEA regions.
Treasurers are being expected to do more work with fewer resources than ever before, so it is little wonder that the automation of day-to-day operations was highly discussed on the second day of EuroFinance, the annual treasury event held in Barcelona this week.