Tuesday, January 28, 2014

We Are Compromised for We Are Many


[Updated on January 29, 2014]

According to Krebs on Security, the attackers leveraged a local admin account named "Best1_user" present on PoS terminals to gain entry. The account is a default administrative account installed by the PoS maker. The PoS maker notes the password to the account is unimportant since it cannot be used for logon. Hum...

[Original Post, January 28, 2014]

2013 has been a busy year for cyber criminals according to Marble Security. Marble's snappy infographic is eye-popping. I notice the number of compromised Target accounts appears somewhat conservative; new estimates are around 110 million (Target notes 70 million). If you want to see the letters Target is sending to customers you can look at mine.

Digging a little further into the disclosure web site referenced in the email, there are two main areas of action for Target.
  • A $5 million contribution to a new security coalition educating the public on phishing attacks
  • Free credit report for compromised accounts
Educating the public on phishing scams is responsible since information leaked during the breach will undoubtedly be used for Spear Phishing their customers. Spear Phishing is a technique used by attackers to target individuals with highly personalized emails, making them an effective vehicle for malware delivery. Finally, you are offered a free credit report but only if you register to receive it. Target notes on their site they are making some internal improvements but they are not specific.

"We are committed to making this right and are investing in the internal processes and systems needed to reduce the likelihood that this ever happens again. We have retained a leading third party forensics firm who is conducting a thorough investigation of this incident." [Target]

I noticed Brian Krebs has some detailed news on his security web site (A Closer Look at the Target Malware, Part II).  Apparently PoS terminals (credit card readers) were sending captured personal data to attacker systems for later use and abuse.  Sigh...

--Milton

