Cybercrime firm, IntelCrawler, has confirmed that at least six unnamed retailers have been hit with data breaches similar to the one affecting Target (NYSE: TGT). The firm says that these six merchants have POS systems that are infected with the same type of malware that led to Target's hack. It is unknown how much payment data and how many credit card users have been affected.
Intercrawler has reportedly alerted law enforcement, Visa Inc. and intelligence teams at several large banks regarding the discovery. The findings are an indication that the recent breaches at Target and Neiman Marcus are part of a broad and highly sophisticated international hacking campaign against multiple retailers.
Yesterday, a report titled "Indicators for Network Defenders," was released by a private firm working on the Target investigation, iSIGHT Partners, as an attempt at identifying and thwarting similar attacks that may be ongoing. According to the document, a malicious program that extracted personal data from POS terminals at store check-out stations was "almost certainly derived" from BlackPOS, software that contained malware scripts with Russian origins. This particular software attacks cash register systems and has flourished in recent years in underground markets.
Intercrawler's CEO Andrew Komarov says BlackPOS was developed by a 17-year-old hacker whose nickname is "Ree4" and who lives in St. Petersburg, Russia. The teenager sold the malicious software to cybercriminals who then launched attacks on merchants.
BlackPOS is a type of RAM scraper, or memory-parsing software. It is able to capture payment data as it travels through the live memory of a computer, where it appears in plain text. From there, cyberthieves are able to steal the unencrypted data, using it to illegally duplicate credit cards or make unauthorized purchases.
For more see:
-this Reuters article
Homeland Security Warns Retailers About Malware Used In Target Hack
Target Invests $5 Million in Security Education, Offers Free Credit Monitoring to Customers for 1 Year
Target Data Breach Gets Worse, 110 Million Shoppers At Risk
Target Now Says 70 Million People Affected by Breach
Target Admits Encrypted PIN Data Was Stolen In Data Breach