Target hackers likely used black market malware


by BRIAN M. WESTBROOK / KING 5 News

KING5.com

Posted on January 17, 2014 at 12:34 PM

Updated Friday, Jan 17 at 1:48 PM

When Target confirmed it fell victim to an attack against point-of-sale systems, the retailer confirmed that data on millions of shoppers had been compromised.
 
Now, new details of how the attack likely happened are surfacing, and clues point to hackers in Eastern Europe.

Security researcher Ken Westin tells KING 5 News the only way he can imagine malware spreading across the entire Target network is if hackers were able to compromise a central update hub. Infecting this server with malware likely then caused the network’s update system to push malicious code to individual point-of-sale systems.
 
The specific malware is reported to be software called “Redeem” or “Black POS” and is available on underground black markets for around $2000.
 
Westin said there are clues the Target attack originated from Russia and added that the US Secret Service is involved in the ongoing investigation.
 
“You’re talking about a very well-resourced group, highly organized, they’re able to take advantage of vulnerabilities in the network, be it a web server or the like,” Westin explains. “From there they’re able to move laterally within the network, compromise other systems, and escalate privileges.”
 
Once attackers infiltrated the retailer’s network, they likely used the infected system as a sort of beachhead to collect information from the terminals inside each store.
 
He believes more companies have had customer data stolen in similar attacks and suggests additional information will become public in the coming weeks.
 
“We haven’t seen the end of it,” he adds. “I think there was other information that was compromised that we’re going to hear more of in the coming months.”
 
When asked how users might protect themselves from having their private information exposed, Westin said he changes his personal credit cards about every six months.
