Click to Skip Ad
Closing in...

Target data hack only the beginning of massive, sophisticated attack

Published Jan 17th, 2014 1:15PM EST
BGR

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

The Target data breach may be just the tip of the iceberg in what seems to be a massive sophisticated attack on U.S. retailers that may have possibly originated in Russia, according to newly discovered evidence. The Wall Street Journal reports that federal and private investigators who are looking into the matter have discovered that parts of the malware used to hit Target has been available on the black market since last spring, and was written in Russian, leading them to believe the attack may have ties to organized crime in the former Soviet Union.

The investigators have also revealed that any known antivirus software couldn’t detect the malware used, with hackers having also added in features that covered the fact that they were actually copying data from the credit and debit cards swiped in point-of-sale (POS) machines. Interestingly, the malware was programmed to steal data during prime business hours (i.e from 10:00 a.m. to 5:00 p.m. local time) and store it on an internal Target server that was also controlled by the hackers.

“What’s really unique about this one is it’s the first time we’ve seen the attack method at this scale,” iSight Partners senior vice president Tiffany Jones said. “It conceals all the data transfers. It makes it really hard to detect in the first place.”

Some of these newly revealed details confirm what a recent Krebs on Security report said, although we’re now getting a better idea of the scope of the Target attack. Neither Krebs on Security, nor the investigators cited by the Journal have revealed how the malware was actually injected into Target’s POS machines.

iSight on Thursday issued its own report on the KAPTOXA (name of program written in Russian) POS malicious software it discovered, acknowledging the fact that it’s investigating the matter with the U.S. Secret Service. The security company warns retailers that the malware “has potentially infected a large number of retail information systems,” and they should contact the Secret Service and the company in case they believe they were infected. The security firm also advises consumers to keep an eye for fraudulent bank transactions and to avoid opening any emails or links that may have been sent by their banks or financial institutions, and instead contact those institutions via telephone or website.

Finally, Reuters on Friday exclusively reported that six ongoing attacks similar to the one suffered by Target have discovered by security firm IntelCrawler, although actual names of the companies involved were not revealed at the time this article was written.

Chris Smith Senior Writer

Chris Smith has been covering consumer electronics ever since the iPhone revolutionized the industry in 2008. When he’s not writing about the most recent tech news for BGR, he brings his entertainment expertise to Marvel’s Cinematic Universe and other blockbuster franchises.

Outside of work, you’ll catch him streaming almost every new movie and TV show release as soon as it's available.