Target's point-of-sale terminals were infected with malware

[Firefox]

Target's point-of-sale terminals were infected with malware

The company's CEO confirmed that attackers used malware to steal credit and debit card data from PoS systems

IDG News Service - The CEO of retailer Target revealed Saturday in an interview that the company's point-of-sale (PoS) systems were infected with malware, confirming what security experts suspected since the massive data breach was announced in mid-December.

Answering a question about what caused the breach during an interview for CNBC, Target CEO Gregg Steinhafel said: "We don't know the full extent of what transpired, but what we do know is that there was malware installed on our point-of-sale registers. That much we've established."

Target originally said that approximately 40 million credit and debit card accounts may have been impacted by the breach. The company announced Friday that information like names, email addresses, mailing addresses and phone numbers of an additional 70 million people has also been stolen.

Malware programs designed for PoS systems are commonly referred to as RAM scrapers, because they search the terminal's random access memory (RAM) for transaction data and steal it.

PoS systems are actually computers with peripherals like card readers and keypads attached to them. Many of these systems run a version of Windows Embedded as the OS as well as special cash register software.

Every time people swipe their card at a PoS terminal to authorize a transaction, the data encoded on the card's magnetic stripe -- like the card's number, the cardholder's name, the card's expiration date -- is passed along with the transaction request to the payment application and then to the company's payment processing provider.

While this information is encrypted as it leaves the PoS system and the company's network, there's a period of time when it's stored in the system's RAM in cleartext and can be read by malware installed on the machine, which is what seems to have happened in the Target case.

Such PoS attacks are not new, but their frequency and the interest of cybercriminals in PoS RAM scraping malware has increased during the past year.

At the beginning of December two security companies independently reported new attack campaigns with PoS malware. Target said that the credit and debit card information was stolen from its systems between Nov. 27 and Dec. 15.

Visa issued two security alerts last year, in April and August, warning merchants of attacks using memory-parsing PoS malware.

"Since January 2013, Visa has seen an increase in network intrusions involving retail merchants," Visa said in its August advisory. "Once inside the merchant's network, the hacker will install memory parser malware on the Windows based cash register system in each lane or on the Back-of-the-House (BOH) servers to extract full magnetic stripe data in random access memory (RAM)."

Hackers can break into PoS systems and merchant networks by exploiting various security holes, but a common method is to steal or brute force remote administration credentials. There are many merchants that rely on third-party companies for technical support and those companies frequently use remote access tools, sometimes with easy-to-guess credentials.

For the rest of the story click on the CW Logo below....

[daledoc1]

Lovely.

 

My curiosity got the better of me yesterday.

I needed a few houseware items -- the sort of thing in which they specialize.

So, I visited the local Sooper Tarjay (hadn't shopped there in months and had already verified weeks ago that my cards were OK).

 

It was positively deserted.

I mean EMPTY.

More employees than customers.

 

Needless to say, I paid cash for my items.

 

It will be LONG time before they recover from this.

Not to say it couldn't happen elsewhere -- the Neiman's thing sounds like deja vu, but I'm happy to say I don't shop there.

 

Scary stuff all around.

[Firefox]

Yes it is a bit scary, there is nothing to say it has not already happened in other places.... they just don't know it yet....

I have not visited our local Target over here, but I am willing to bet its pretty empty as well.... hope they recover from this mess... They do tend to have some nice stuff there, I would hate to see them go under like K-Mart.....

[mountaintree16]

I like Target, but the closest one for me is an hour away   I almost always use cash, and if not, I use my credit card (who is VERY good about fraud).  I haven't purchased anything there probably in at least a year or so?  So I can't vouch for the Target near me, but, they probably are experiencing some fallout from this as well.

[CWB]

i am in northern minnesnowta ... the target store here (across the street from a wally world) is as busy as ever .

over the holidays (think thanksgiving through christmas) the parking lot was pretty much packed from about 0800 until 2100 .

[Weyoun]

I prefer to use prepaid cards as much as possible... a bit inconvenient, and I have to pay activation fees once in a while, but this way, if for some reason the card information got stolen, or the card itself got stolen, the thieves would never have access to my full funds or bank information. Hopefully nothing will happen to any of the people who's information did get stolen.