Government report: Cyber attacks were not coordinated

A multiagency government task force report states recent cyber attacks on retailers were not coordinated, but did identify holes in company systems that facilitated security breaches.

In a report, the National Cyber Investigative Joint Task Force (NCIJTF) said it is tracking and coordinating investigations by the government and retail industry concerning security breaches at stores' POS systems.

"The NCIJTF has not identified evidence to suggest this is a coordinated campaign by actors to adversely affect the U.S. economy as a whole, however, the global implications and economic impact to private business and individual citizens resulting from the successful use of POS malware by adversarial parties or criminal enterprises cannot be overstated," the report said.

The report obtained by the AP, doesn't name specific retailers but security breaches at Target (NYSE: TGT), Neiman Marcus and Michaels stores among others, have left close to 150 million customer accounts vulnerable.

Investigators believe a third party provider to Target was responsible for the breach. A Pennsylvania-based heating and refrigeration contractor that services Target stores confirmed it was "a victim of a sophisticated cyberattack operation," which could be how the hackers gained access to Target's systems.
"In many cases malware tools are written by freelance malware developers and are sold to actors who intend to use it for malicious purposes. Variants of the Kaptoxa and other POS-related malware are frequently modified and recompiled for specific use by specific actors with the intent to facilitate an intrusion for monetary gain," the NCIJTF report stated.

For more:
-See this Pioneer Press article
-See this AP story

Related stories:
Target breach: Heating vendor confirmed as hackers' entry point
Target to install chip and PIN card readers, says that only 25 registers were to blame for massive breach
The story of how Target had chip and PIN cards, but failed to keep them
Arrested pair thought to be Target hackers, NRF urges adoption of chip and PIN cards
Target invests $5 million in security education, offers free credit monitoring to customers for 1 year