Target Breach: An Inside Job?

There are still more questions than answers about the Target data breach, but new insights are emerging that shine a light on the point-of-sale (POS) attack. According to Seculert, Dexter, a custom-made malware that's been springing up over the last few months to infect POS systems, isn't the culprit in the breach, which affected at least 70 million customers.

"First, the malware that infected Target's checkout counters (POS) extracted credit numbers and sensitive personal details," Seculert's Aviv Raff wrote in a blog post. "Then, after staying undetected for six days, the malware started transmitting the stolen data to an external FTP server, using another infected machine within the Target network."

With Dexter, on the other hand, malware injected into files hosted on Windows servers scrapes credit card numbers as they're entered through the POS system.

According to Seculert, the malware in the Target breach began transmitting payloads of stolen data on Dec. 2 to an FTP server on what appears to be a hijacked Web site. These transmissions occurred several times a day over a two-week period. The cybercriminals behind the attack used a virtual private server located in Russia to download the stolen data from the FTP server, the firm reports.

"They continued to download the data over two weeks for a total of 11 GBS of stolen sensitive customer information," Raff said. "While none of this data remains on the FTP server today, analysis of publicly available access logs indicates that Target was the only retailer affected. So far there is no indication of any relationship to the Neiman Marcus attack."

A Key Lesson Learned

We caught up with Dwayne Melancon, chief technology officer at TripWire, to get his views on the latest revelations surrounding the Target breach. He told us identifying the malware used and how data was exfiltrated in the Target attack...
