Malware named “Black POS” was not flagged by more than 40 commercial anti-virus tools, explaining why it was able to infect Target’s point of sale system.
According to security blogger Brian Krebs, a source said that the POS malware was installed in Target’s environment around November 27th, and it was customised to avoid detection and for use in specific environments.
He said: “That source and one other involved in the investigation who also asked not to be named said the POS malware appears to be nearly identical to a piece of code sold on cyber crime forums called BlackPOS, a relatively crude but effective crimeware product. BlackPOS is a specialised piece of malware designed to be installed on POS devices and record all data from credit and debit cards swiped through the infected system.”
Krebs reported that BlackPOS was created by “Antikiller”, is roughly 207 kilobytes in size and is designed to bypass firewall software. The barebones “budget version” of the crimeware costs $1,800, while a more feature-rich “full version” costs $2,300.
Krebs said that according to sources, the attackers broke into Target after compromising a company web server. Somehow, the attackers were able to upload the malicious POS software to store point-of-sale machines, and then set up a control server within Target’s internal network that served as a central repository for data hoovered up by all of the infected point-of-sale devices.
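The internal "central repository" described above has a detectable shape: many POS terminals pushing data to one internal host that is not a known server. The following is an added example (not code from the article or from any vendor named in it) that flags that fan-in pattern in constructed connection-log lines; the POS subnet, the log format and the allowlist are assumptions.

```python
"""Fan-in detection for an internal staging host (added example).

Assumes constructed connection-log lines of the form
'timestamp src_ip dst_ip dst_port bytes' and a POS address range of
10.10.0.0/16; both are assumptions for illustration only.
"""
from collections import defaultdict
import ipaddress

POS_NET = ipaddress.ip_network("10.10.0.0/16")  # assumed POS terminal range

# Constructed sample log: four POS hosts upload to one internal box (10.20.5.7),
# plus normal small traffic to a known server (10.0.1.5).
SAMPLE_LOG = """\
2013-12-01T02:00:01 10.10.3.11 10.20.5.7 445 52100
2013-12-01T02:00:03 10.10.4.22 10.20.5.7 445 48800
2013-12-01T02:00:04 10.10.7.9 10.20.5.7 445 61020
2013-12-01T02:00:06 10.10.9.30 10.20.5.7 445 50311
2013-12-01T02:01:10 10.10.3.11 10.0.1.5 443 900
2013-12-01T02:01:12 10.10.4.22 10.0.1.5 443 880
"""


def parse_line(line):
    """Split one log line into (timestamp, src, dst, port, bytes)."""
    ts, src, dst, port, nbytes = line.split()
    return ts, ipaddress.ip_address(src), ipaddress.ip_address(dst), int(port), int(nbytes)


def find_staging_hosts(log_text, min_sources=3, min_bytes=100_000, allowlist=()):
    """Return {dst_ip: (distinct POS sources, total bytes)} for internal hosts
    that receive uploads from many POS terminals and are not known servers."""
    sources = defaultdict(set)
    volume = defaultdict(int)
    for line in log_text.splitlines():
        if not line.strip():
            continue
        _, src, dst, _, nbytes = parse_line(line)
        # Only POS-originated traffic to internal (non-global), non-allowlisted hosts.
        if src not in POS_NET or dst.is_global or str(dst) in allowlist:
            continue
        sources[dst].add(src)
        volume[dst] += nbytes
    return {str(d): (len(s), volume[d]) for d, s in sources.items()
            if len(s) >= min_sources and volume[d] >= min_bytes}


if __name__ == "__main__":
    print(find_staging_hosts(SAMPLE_LOG, allowlist=("10.0.1.5",)))
```

Thresholds should be tuned to the real terminal population; the point is that a new internal host collecting uploads from many terminals is an anomaly worth alerting on even when the malware itself evades anti-virus.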
A source told IT Security Guru that Target had not done enough in the way of security validation for the retail environment. A third-party quality assurance person raised the concern that insufficient penetration testing and vulnerability scanning had been done against the POS system, and that this gap was overlooked.
Barmak Meftah, CEO of AlienVault, said: “The unfortunate truth is that no matter how high or thick the wall you build with preventative security measures like firewalls, hackers will find a way in and a breach will still happen.
“Always assume you will be breached and have in place comprehensive detective security controls that will expedite your forensic analysis in a very efficient manner. The more sophisticated the detective controls, the more sophisticated the response, the quicker a company can respond to breaches.”