Eskenzi PR ad banner Eskenzi PR ad banner
  • About Us
Monday, 27 March, 2023
IT Security Guru
Eskenzi PR banner
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us
No Result
View All Result
IT Security Guru
No Result
View All Result

Target admit there was malware on PoS systems

by The Gurus
January 15, 2014
in Editor's News
Share on FacebookShare on Twitter

Target CEO Gregg Steinhafel has admitted that there was malware on its point-of-sale (PoS) systems.
 
In an interview with CNBC, Steinhafel said that while it did not know the full extent of what transpired, it had established the malicious compromise. According to Sophos’ Naked Security blog, credit card data is not encrypted all of the time, even on PCI-DSS compliant systems, instead it is briefly unencrypted inside the PoS terminal itself.
 
Writing on the blog, Paul Ducklin said: “Putting malware into PoS terminal hardware devices is possible, and lets you can skim off payment card data as early in the process as possible. But that sort of scam is hard to perpetrate on a national scale, especially at in-store sales points.
 
“That’s where so-called RAM scraping malware comes into the picture. RAM scraping works because payment card data is often also unencrypted in memory (RAM) in the PoS register. This happens as the data is transferred from the PoS terminal to the PoS register. Of course, PoS registers usually run some version of Windows, and are connected together on an enterprise-wide network.”
 
A source close to the Target breach told IT Security Guru that the company had not done enough in the way of security validation for the retail environment. A third party quality assurance person raised the concern that insufficient penetration testing and vulnerability scanning was done and overlooked against the PoS system.
 
“A lot of retailers try this on as a way of saving money and rather than taking a sample and working back, they basically try to ignore their retail environments, or push the QSA not to review them because it can add a lot to the cost of the audit,” they said.
 
They also said that encrypted pins were compromised, suggesting that the data was stolen during or just before it was transmitted (either via the pin pad to POS, or POS to processor).  The QA person said that the pin pad was not compromised, so there is a good chance people won’t see ATM cash-frauds from cloned cards.
 
However it has also transpired that CVV details may have been compromised and full track data has been stolen from the magstripe. “So cloned cards could be created but only used for face to face purchases in store – i.e. with a signature or in online environments where the CVV2 security code isn’t asked for,” they said.
 
“The way in which the data has been stolen strongly indicates that the attackers got a foothold within store networks rather than just popping a website. This is reminiscent of the TJ Maxx compromise. So it could have been via rogue wireless or in store networks or possibly even an external attacker that managed to leverage a vulnerability to the take over an internal computer.
 
“Either way for the volume of data to have been more than 40 million, I suspect that custom PoS malware was used to grab the data and then send it out to the criminal fraternity involved.”
 
Commenting, Neira Jones, partner at Accourt Consulting said that whilst the criminals won’t be able to use the cards at ATMs, they can still use them at shops as there are still a lot that do not require a PIN.
 
“From a commercial point of view, not all the issuers have re-issued compromised cards, because the
timing was perfect (i.e. Christmas) and didn’t want to have their customer stuck for payments if compromised cards were cancelled and waiting to be re-issued. All in all, a very well timed affair.”

FacebookTweetLinkedIn
Tags: MalwarePayment
ShareTweetShare
Previous Post

Four Microsoft patches but more from Oracle and Adobe

Next Post

Daily News Digest – 16th January 2013

Recent News

Synopsys discover new vulnerability in Pluck Content Management System

Synopsys discover new vulnerability in Pluck Content Management System

March 24, 2023
Dole Food Company

Dole confirms employee data was breached following February ransomware attack

March 24, 2023
call centre

MyCena Improves Customer Data Access Protection in Call Centers and BPOs

March 23, 2023
Blue logo, capitalised letters. SPECOPS.

Fortune 500 Company Names Found in Compromised Password Data

March 23, 2023

The IT Security Guru offers a daily news digest of all the best breaking IT security news stories first thing in the morning! Rather than you having to trawl through all the news feeds to find out what’s cooking, you can quickly get everything you need from this site!

Our Address: 10 London Mews, London, W2 1HY

Follow Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

  • About Us
No Result
View All Result
  • Home
  • Features
  • Insight
  • Events
    • Most Inspiring Women in Cyber 2022
  • Topics
    • Cloud Security
    • Cyber Crime
    • Cyber Warfare
    • Data Protection
    • DDoS
    • Hacking
    • Malware, Phishing and Ransomware
    • Mobile Security
    • Network Security
    • Regulation
    • Skills Gap
    • The Internet of Things
    • Threat Detection
    • AI and Machine Learning
    • Industrial Internet of Things
  • Multimedia
  • Product Reviews
  • About Us

© 2015 - 2019 IT Security Guru - Website Managed by Calm Logic

This site uses functional cookies and external scripts to improve your experience.

Privacy settings

Privacy Settings / PENDING

This site uses functional cookies and external scripts to improve your experience. Which cookies and scripts are used and how they impact your visit is specified on the left. You may change your settings at any time. Your choices will not impact your visit.

NOTE: These settings will only apply to the browser and device you are currently using.

GDPR Compliance

Powered by Cookie Information