DTX Manchester DTX Manchester
  • About Us
Friday, 26 February, 2021
IT Security Guru
CTX Manchester 2020 banner ad
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Target admit there was malware on PoS systems

by The Gurus
January 15, 2014
in Editor's News
Share on FacebookShare on Twitter

Target CEO Gregg Steinhafel has admitted that there was malware on its point-of-sale (PoS) systems.
 
In an interview with CNBC, Steinhafel said that while it did not know the full extent of what transpired, it had established the malicious compromise. According to Sophos’ Naked Security blog, credit card data is not encrypted all of the time, even on PCI-DSS compliant systems, instead it is briefly unencrypted inside the PoS terminal itself.
 
Writing on the blog, Paul Ducklin said: “Putting malware into PoS terminal hardware devices is possible, and lets you can skim off payment card data as early in the process as possible. But that sort of scam is hard to perpetrate on a national scale, especially at in-store sales points.
 
“That’s where so-called RAM scraping malware comes into the picture. RAM scraping works because payment card data is often also unencrypted in memory (RAM) in the PoS register. This happens as the data is transferred from the PoS terminal to the PoS register. Of course, PoS registers usually run some version of Windows, and are connected together on an enterprise-wide network.”
 
A source close to the Target breach told IT Security Guru that the company had not done enough in the way of security validation for the retail environment. A third party quality assurance person raised the concern that insufficient penetration testing and vulnerability scanning was done and overlooked against the PoS system.
 
“A lot of retailers try this on as a way of saving money and rather than taking a sample and working back, they basically try to ignore their retail environments, or push the QSA not to review them because it can add a lot to the cost of the audit,” they said.
 
They also said that encrypted pins were compromised, suggesting that the data was stolen during or just before it was transmitted (either via the pin pad to POS, or POS to processor).  The QA person said that the pin pad was not compromised, so there is a good chance people won’t see ATM cash-frauds from cloned cards.
 
However it has also transpired that CVV details may have been compromised and full track data has been stolen from the magstripe. “So cloned cards could be created but only used for face to face purchases in store – i.e. with a signature or in online environments where the CVV2 security code isn’t asked for,” they said.
 
“The way in which the data has been stolen strongly indicates that the attackers got a foothold within store networks rather than just popping a website. This is reminiscent of the TJ Maxx compromise. So it could have been via rogue wireless or in store networks or possibly even an external attacker that managed to leverage a vulnerability to the take over an internal computer.
 
“Either way for the volume of data to have been more than 40 million, I suspect that custom PoS malware was used to grab the data and then send it out to the criminal fraternity involved.”
 
Commenting, Neira Jones, partner at Accourt Consulting said that whilst the criminals won’t be able to use the cards at ATMs, they can still use them at shops as there are still a lot that do not require a PIN.
 
“From a commercial point of view, not all the issuers have re-issued compromised cards, because the
timing was perfect (i.e. Christmas) and didn’t want to have their customer stuck for payments if compromised cards were cancelled and waiting to be re-issued. All in all, a very well timed affair.”

0 0 vote
Article Rating
FacebookTweetLinkedIn
Tags: MalwarePayment
ShareTweetShare
Previous Post

Four Microsoft patches but more from Oracle and Adobe

Next Post

Daily News Digest – 16th January 2013

Subscribe
Notify of
guest
guest
0 Comments
Inline Feedbacks
View all comments

Recent News

Npower shuts down app after hackers steal customer bank info  

February 26, 2021
Partnership announcement: Edgescan partners with BSI to deliver safe and secure client solutions

Edgescan partners with BSI to deliver safe and secure client solutions

February 26, 2021
Microsoft building

Microsoft failed to fix known problems that could have prevented SolarWinds hack

February 26, 2021
Microscope

Dutch Research Council experience ransomware attack

February 26, 2021

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Women in Cyber 2020
    • Women in Cyber 2020 [SPONSORS]
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

More information
wpDiscuz
0
0
Would love your thoughts, please comment.x
()
x
| Reply
Privacy Settings / PENDINGGDPR Compliance

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Accept