Target data breach part of broader organized attack

Summary: A confidential U.S. government report indicates that the Target data breaches were tied to a broader effort against retailers. New malicious software called KAPTOXA led the attacks.

Target is taking the financial and reputational hit for its customer data breach, but the breach is reportedly part of a much broader cybercrime campaign that apparently runs through the former Soviet Union.

The Wall Street Journal, citing a confidential U.S. government report, reported that the hackers that went after Target spoke in Russian and the attacks were part of a broader effort. Target first reported that 40 million credit and debit card accounts had been compromised. In a follow-up, Target said that 70 million people may have had their personal data compromised.

Given the attacks landed in the peak holiday shopping season, Target took a financial hit and expects that it will face more costs.

The U.S. government report, written with the help of iSight Partners, outlined the following:

  • The attack may have ties to organized crime in the former Soviet Union.
  • The malware on Target's credit card readers had been on the black market since the spring and was partly written in Russian.
  • Malware used in the attack couldn't be detected by antivirus software.

The U.S. Department of Homeland Security sent its findings to financial services and retail companies. In a blog post, iSight outlined the following but didn't release too much information.

iSight Partners, working with the U.S. Secret Service, has determined that a new piece of malicious software, KAPTOXA (Kar-Toe-Sha), has potentially infected a large number of retail information systems. A joint publication has been issued by the Department of Homeland Security, USSS, FS-ISAC and iSIGHT Partners.

Neiman Marcus is the only other retailer to note that its shopper data was compromised during the holiday.

If the iSight and Department of Homeland Security report is correct, other retailers are likely to come clean about attacks and compromised customer data. In other words, you can expect a lot more apologies like Target's.


About

Larry Dignan is Editor in Chief of ZDNet and SmartPlanet as well as Editorial Director of ZDNet's sister site TechRepublic. He was most recently Executive Editor of News and Blogs at ZDNet. Prior to that he was executive news editor at eWeek and news editor at Baseline. He also served as the East Coast news editor and finance editor at CN...
