Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Saturday, 30 September, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Target admit there was malware on PoS systems

by The Gurus
January 15, 2014
in Editor's News
Share on FacebookShare on Twitter

Target CEO Gregg Steinhafel has admitted that there was malware on its point-of-sale (PoS) systems.
 
In an interview with CNBC, Steinhafel said that while it did not know the full extent of what transpired, it had established the malicious compromise. According to Sophos’ Naked Security blog, credit card data is not encrypted all of the time, even on PCI-DSS compliant systems, instead it is briefly unencrypted inside the PoS terminal itself.
 
Writing on the blog, Paul Ducklin said: “Putting malware into PoS terminal hardware devices is possible, and lets you can skim off payment card data as early in the process as possible. But that sort of scam is hard to perpetrate on a national scale, especially at in-store sales points.
 
“That’s where so-called RAM scraping malware comes into the picture. RAM scraping works because payment card data is often also unencrypted in memory (RAM) in the PoS register. This happens as the data is transferred from the PoS terminal to the PoS register. Of course, PoS registers usually run some version of Windows, and are connected together on an enterprise-wide network.”
 
A source close to the Target breach told IT Security Guru that the company had not done enough in the way of security validation for the retail environment. A third party quality assurance person raised the concern that insufficient penetration testing and vulnerability scanning was done and overlooked against the PoS system.
 
“A lot of retailers try this on as a way of saving money and rather than taking a sample and working back, they basically try to ignore their retail environments, or push the QSA not to review them because it can add a lot to the cost of the audit,” they said.
 
They also said that encrypted pins were compromised, suggesting that the data was stolen during or just before it was transmitted (either via the pin pad to POS, or POS to processor).  The QA person said that the pin pad was not compromised, so there is a good chance people won’t see ATM cash-frauds from cloned cards.
 
However it has also transpired that CVV details may have been compromised and full track data has been stolen from the magstripe. “So cloned cards could be created but only used for face to face purchases in store – i.e. with a signature or in online environments where the CVV2 security code isn’t asked for,” they said.
 
“The way in which the data has been stolen strongly indicates that the attackers got a foothold within store networks rather than just popping a website. This is reminiscent of the TJ Maxx compromise. So it could have been via rogue wireless or in store networks or possibly even an external attacker that managed to leverage a vulnerability to the take over an internal computer.
 
“Either way for the volume of data to have been more than 40 million, I suspect that custom PoS malware was used to grab the data and then send it out to the criminal fraternity involved.”
 
Commenting, Neira Jones, partner at Accourt Consulting said that whilst the criminals won’t be able to use the cards at ATMs, they can still use them at shops as there are still a lot that do not require a PIN.
 
“From a commercial point of view, not all the issuers have re-issued compromised cards, because the
timing was perfect (i.e. Christmas) and didn’t want to have their customer stuck for payments if compromised cards were cancelled and waiting to be re-issued. All in all, a very well timed affair.”

FacebookTweetLinkedIn
Tags: MalwarePayment
ShareTweet
Previous Post

Four Microsoft patches but more from Oracle and Adobe

Next Post

Daily News Digest – 16th January 2013

Recent News

Guide to ransomware and how to detect it

Guide to ransomware and how to detect it

September 28, 2023
software security

Research reveals 80% of applications developed in EMEA contain security flaws

September 27, 2023
Cyber insurance

Half of organisations with cyber insurance implemented additional security measures to qualify for the policy or reduce its cost

September 27, 2023
Fraud and online banking

Akamai Research Finds the Number of Cyberattacks on European Financial Services More Than Doubled in 2023

September 27, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Channel News
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information