Homeland Security Warns Retailers About Malware Used In Target Hack

The U.S. government on Thursday provided retailers with findings from its confidential investigation into the data breach at Target (NYSE: TGT), which appears to be part of a broad and highly sophisticated international hacking campaign against multiple retailers.

The report, titled "Indicators for Network Defenders," was released by a private firm working on the investigation, iSIGHT Partners, in an attempt to identify and thwart similar attacks that may be ongoing. It offers some of the first details to emerge about the source of the attack and provides further evidence that the attack on Target was a concerted effort by skilled hackers.

According to the document, a malicious program that extracted personal data from POS terminals at store check-out stations was "almost certainly derived" from BlackPOS, software that contained malware scripts with Russian origins. This particular software attacks cash register systems and has flourished in recent years in underground markets.

"The use of malware to compromise payment information storage systems is not new," the report said. "However, it is the first time we have seen this attack at this scale and sophistication."

This kind of malware is especially dangerous because it can "cover its own tracks," making it impossible to determine the scale, scope and reach of the breach without detailed forensic analysis.

"Organizations may not know they are infected," the report said. "Once infected, they may not be able to determine how much data has been lost."

Another reason this type of malware is so potent is that it is virtually undetectable by anti-virus software.

"We've seen various types of malware that have done that, but it's the first time that we've seen this attack at this scale of criminal operation," said Tiffany Jones, senior vice president at iSIGHT Partners. The malware manages to "covertly subvert network controls" and avoids current anti-virus protection. Jones declined to elaborate on the specific attack method these hackers used, citing a continuing government investigation.    

For more, see:
- this Wall Street Journal article
- this CNN Money article
