Tactical Advice

Malware to Blame for Target Data Breach

The latest details of Target’s payment card hack reveal how advanced malware threats have become.

One piece of the puzzle in the Target data breach that has rocked the retail industry has finally been put into place: It appears that malware was the main culprit in the theft of millions of credit card numbers from the retailer’s point-of-sale systems.

In an interview with CNBC, Target CEO Gregg Steinhafel confirmed that malware had been installed at the access points of its POS systems, though he did not say how it got there. He noted that Target responded quickly once the malware was detected, but by then it was too late to prevent millions of credit card numbers from being snatched up by the attackers.

“Sunday [Dec. 15] was really day one. That was the day we confirmed we had an issue, and so our No. 1 priority was ... making our environment safe and secure. By six o'clock at night, our environment was safe and secure. We eliminated the malware in the access point, we were very confident that coming into Monday guests could come to Target and shop with confidence and no risk,” Steinhafel said to CNBC.

Brian Krebs, a security expert and blogger, pinned down a source close to the Target breach investigation, and what he reports is alarming.

The malware planted on Target’s registers was explicitly built to evade anti-malware software. But it was not entirely unknown in IT security circles: the malware used in the Target attack appears to be related to a POS malware strain that Symantec identified in December as “Reedum.”

Krebs’ sources and the investigation so far lead him to believe that the malware used in the Target attack is nearly identical to a piece of malware sold as BlackPOS. From his report:

The source close to the Target investigation said that at the time this POS malware was installed in Target’s environment (sometime prior to Nov. 27, 2013), none of the 40-plus commercial antivirus tools used to scan malware at virustotal.com flagged the POS malware (or any related hacking tools that were used in the intrusion) as malicious. “They were customized to avoid detection and for use in specific environments,” the source said.

That source and one other involved in the investigation who also asked not to be named said the POS malware appears to be nearly identical to a piece of code sold on cybercrime forums called BlackPOS, a relatively crude but effective crimeware product. BlackPOS is a specialized piece of malware designed to be installed on POS devices and record all data from credit and debit cards swiped through the infected system.

According [to] the author of BlackPOS — an individual who uses a variety of nicknames, including “Antikiller” — the POS malware is roughly 207 kilobytes in size and is designed to bypass firewall software. The barebones “budget version” of the crimeware costs $1,800, while a more feature-rich “full version” — including options for encrypting stolen data, for example — runs $2,300.
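The passages above make two practical points: the BlackPOS binary was tuned so that signature-based antivirus did not flag it, and its job is to record the data from every card swiped through the infected register. When the binary itself evades detection, a defender can instead hunt for the data it is after. The following Python is an added example written for this page (it is not code from the article, from Krebs’ report or from BlackPOS): it scans a buffer such as a process memory dump or captured outbound traffic for magnetic-stripe Track 2 records, the format a POS scraper harvests, and validates each candidate PAN with the Luhn check to suppress false positives. The sample memory region, the card numbers (standard test values) and all function names are constructed for the example.

```python
"""
Added example (not from the original article and not BlackPOS code): scan a
memory or traffic buffer for magnetic-stripe Track 2 records, the data a POS
RAM scraper collects from a register. Card numbers below are constructed
industry test values, not real accounts.
"""
import re

# Track 2 per ISO/IEC 7813: start sentinel ';', 13-19 digit PAN, field
# separator '=', YYMM expiry, 3-digit service code, discretionary data,
# end sentinel '?'. The LRC byte that follows on the stripe is not captured.
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{2})(\d{2})(\d{3})(\d*)\?")


def luhn_ok(pan: str) -> bool:
    """Return True if the PAN passes the Luhn (mod 10) check."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = ord(ch) - 48
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep first six and last four digits (PCI-style masking) for reporting."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_track2(buf: bytes) -> list:
    """Return a list of hits (offset, masked PAN, expiry, service code).

    Candidates whose PAN fails Luhn or whose expiry month is out of range are
    dropped so that random digit runs do not produce alerts.
    """
    hits = []
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1).decode()
        if not luhn_ok(pan):
            continue
        yy, mm, svc = (g.decode() for g in m.groups()[1:4])
        if not 1 <= int(mm) <= 12:
            continue
        hits.append({
            "offset": m.start(),
            "pan": mask_pan(pan),
            "expiry": f"{mm}/{yy}",
            "service_code": svc,
        })
    return hits


# Constructed sample: a fake register memory region holding two valid-looking
# track records, one record whose PAN fails Luhn, and unrelated bytes.
SAMPLE_MEMORY = (
    b"\x00\x00POSAPP\x00"
    b";4111111111111111=25121010000000000000?\x1f"  # test PAN, Luhn-valid
    b"ReceiptPrinter\x00"
    b";5500000000000004=26031210000000000?"         # test PAN, Luhn-valid
    b";4111111111111112=25121010000000000000?"      # fails Luhn, ignored
    b"\xff\xfe"
)

if __name__ == "__main__":
    for hit in find_track2(SAMPLE_MEMORY):
        print(hit)
```

Run against a real dump the same regex will also fire on legitimate card data inside the payment application’s own process, so the useful signal is track data appearing where it should not: in a process that is not the POS software, in a file on disk, or in outbound network traffic. That last case is exactly where customized malware that antivirus does not recognize still has to leave a trace.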

Assuming the people behind the attack purchased BlackPOS and then deployed it on Target’s registers, spending a few thousand dollars for some malware code and netting 40 million credit card and PIN numbers in return is a steal.

Target hasn’t yet revealed how the attackers broke into its POS network, although Krebs’ source says they got in through a compromised web server. The details that continue to emerge from the case are certainly an eye-opener for every retailer out there.


About the Author

Ricky Ribeiro

Online Content Manager

Ricky publishes and manages the content on BizTech magazine's web site. He's a writer, technology enthusiast, social media lover and all-around digital guy.
