U.S. Government reveals malware that attacked Target

Report indicates memory-scraping malware was at fault

Technology trends and news by Faith Merino
January 17, 2014
Short URL:

Since the Target data breach was announced last month, the world has been wondering: WTF, Target? How does a retailer of your size and scope fall victim to hackers?

Well, it looks like more clues are coming out. The Department of Homeland Security has been conducting a secret investigation into the attacks that compromised Target and Neiman Marcus shoppers and it has now released a report that it is distributing to retailers to help them stave off similar attacks.

One of the interesting details to emerge from the report is that Target and Neiman Marcus are not the only victims. Other well-known retailers have also been hit, according to sources who spoke with Reuters, but those retailers have decided to keep mum about it. In fact, Reuters has uncovered six active attacks on retailers across the country. 

The report reveals that the Target breach came from an advanced piece of software called POSRAM Trojan, which is also responsible for other attacks on retailers’ point-of-sale systems. POSRAM is a memory scraper that captures data stored on a card’s magnetic stripe in the moment when it’s swiped through the terminal and the data is still in the system’s memory. Data that’s encrypted appears in plain text.

The malware isn’t new—it’s been around for a few years. And evidently, the malware was customized to avoid detection by antivirus software, so that’s why Target’s antivirus tools didn’t flag it.

On December 19, Target revealed that as many as 40 million people may have had their cards compromised when they swiped them at a Target location between November 27 and December 15. It was later revealed that as many as 110 million people may have actually been affected, some 70 million of whom may have had their names, mailing addresses, email addresses, and phone numbers stolen. Because the malware only affected card swipers, online shoppers were not affected.

Target updated its fourth quarter outlook last week and revealed that while the company anticipates stronger-than-expected sales prior to the December 19 data breach announcement, sales likely dropped off immediately thereafter. Target said it expects “meaningfully weaker-than-expected sales” after the announcement, with a comparable sales decline of 2-6%.

The company expects further uncertainty in its GAAP EPS since it has no idea what kind of costs it’s facing in terms of reimbursements for credit card fraud and liability payments, Target REDcard fraud, civil litigation, government investigations, law enforcement proceedings, expenses for legal and investigative fees, and investments in remediation activities. In sum: there’s a big clusterf*ck of bills on the horizon.

Target has 1,797 stores in the U.S. and 124 stores in Canada, though it looks like only U.S. stores were affected. The company posted a profit of $1.6 billion on $51 billion in sales in the first nine months of 2013. Target originally expected to see a full-year EPS of $3.52.


image source:

Related news