Facts About Data Stealing Malware Used In Target Attack

Malware written on circuit board

You’ve no doubt heard of the recent attack that stole data, including credit card numbers, from Target customers. After that attack, it was discovered that malware capable of stealing data out of the memory of point-of-sale devices, which are used by retailers and just about any organization that accepts payment digitally. Mathew J. Schwartz of Information Week published some facts about this memory-scraping malware that both users and businesses should know in order to stay safe.

  •  Starting in 2011

The first time a memory scraping malware attack took place was in November of 2011 when several hotels had point-of-sale systems compromised. Since then, the malware has targeted hotels, auto dealerships, healthcare companies and many others. No previous attacks reached the scale of the Target breach, however. It is believed that those attackers successfully stole more records than any similar, previous attack.

  • Avoiding Encryption

You might think that important information like credit card information should be encrypted when stored to avoid this type of large scale attack. At almost all times, this information is encrypted, but not until later in the process. This malware steals data directly from memory, where it’s still in plain text. This could happen almost immediately after you swipe your card and even before payment has been authorized. Once that data is transferred to a hard drive or sent elsewhere, it’s encrypted, which makes it difficult, or in some cases impossible, for hackers to steal it.

  • Vulnerabilities of point-0f-sale

Storing credit card data in plain text is an inescapable vulnerability in point-of-sale systems, which is likely the driving factor behind the way this attack was organized. When information is stored in memory, it needs to be processed, which means it has to be un-encrypted so the data can be used. Memory scraping malware is designed to wait for this moment when data is vulnerable and intercept it.

  • Point of infection

Point of sale systems operate on a network, which means there are a number of ways they can be infected. Any infected device connected to the same network could be the source. If that network isn’t secured properly and is compromised, that opens another option for malware to get in. In the Target attack, the personal information of customers was stolen in addition to credit card information. This suggests that malware had infected more than the point of sale devices. Servers or other databases connected to the internet were also attacked.

  • Remaining Hidden

This type of attack is difficult to detect thanks to intelligent techniques used by hackers. Once malware has infected the network, it still needs to infect the point of sale device to steal valuable data. Doing so would usually set off alarms from security software protecting devices on the network, but in these attacks, encryption and antivirus evasion tools are used to confuse security and operate undetected.

There are other methods to protect devices with many of them stemming from keeping infected devices from directly connecting to point of sale devices. Unfortunately, for users, it’s seemingly impossible to tell if a retailer’s system is infected and will put your data at risk.

If your business would like to explore more robust security options to keep your information and your customer’s information safe from malware attacks, contact Geek Rescue at 918-369-4335.

January 17th, 2014