Target Malware Attack 'Sign of Things to Come'

January 17, 2014

Julio Ojeda-Zapata, Pioneer Press

The now-infamous Target data breach exposing customers' personal and financial information appears to have occurred in two distinct stages, with a nearly-weeklong pause between the first and the second phases, a data-security company disclosed Thursday.

Seculert, based in Silicon Valley, said it has identified and scrutinized the malware that was used to compromise client data in what is being described as the most serious such data-security breach in U.S. history.

The malware initially compromised the Target point-of-sale equipment that reads customers' cards and extracts financial and personal information from them, according to an analysis by the security company's research lab.

After a six-day pause, a second phase in the attack hijacked a separate, also-infected system within Target to transmit the hijacked clientele data to an exterior server, according to Seculert.

Such transmissions occurred several times over a two-week period starting on Dec. 2, it said.

That is also when the cybercriminals used a second server located in Russia to shift the data from the first server prior to it being made widely available for illegal purchase online.

Seculert detailed its analysis on Thursday in a blog post.

Minneapolis-based Target first disclosed the data breach last month, at the height of the holiday shopping season. It said then that debit- and credit-card data from up to 40 million customers were compromised. It then said Jan. 10 that a separate attack stole data from up to 70 million more customers.

Security experts expressed little surprise at the criminals' multi-prong strategy as described by Seculert.

"I'm not surprised by the two-stage attack on Target," said Dipto Chakravarty, executive vice president of engineering and products at Florida-based ThreatTrack Security. "Cybercriminals want to gather all the data first, then in a few motions, download the data. It's a very common attack pattern and likely to become increasingly so."

Vincent Berk, chief executive at New Hampshire-based FlowTraq, called this approach "very crafty, and a sign of things to come."

Malware specifically targeting point-of-sale systems "has been around for a few years and getting more advanced daily," said Neal O'Farrell, director of California-based Identity Theft Council. "If the POS is not only where credit and debit cards are being collected, but where (their data) is unencrypted and in plain text, it's the ideal place to attack."

The holiday data breach at Target Corp. appeared to be part of a broad and highly sophisticated hacking campaign against multiple retailers, according to a report prepared by a global cyber intelligence firm that works with the U.S. Secret Service and the Department of Homeland Security.

In some of the first details to emerge about the source of the attack, the report said parts of the malicious computer code used had been on the online black market since last spring and were written partially in Russian.

In addition, the computer code that infected Target's payment card devices couldn't be detected by any known antivirus software, according to the report.

These details were revealed in a report released Thursday by iSight Partners Inc., a Dallas cybersecurity firm. The firm also contributed to an internal government report on the breach that included information from government agencies, including the U.S. Secret Service, according to people familiar with the report.

Target officials are expected to testify in early February in Washington on the breach, according to a release Thursday from the Commerce, Manufacturing, and Trade Subcommittee. Law enforcement officials also will be called.

Dow Jones Newswires contributed to this report.


(c)2014 Pioneer Press (St. Paul, Minn.)

Distributed by MCT Information Services

Original headline: Target attack a two-pronged approach, data firm says
