Target data breach part of broader organized attack

Target is taking the financial and reputation hit for its customer data breach, but is reportedly part of a much broader cybercrime campaign that apparently runs through the former Soviet Union.

Special Feature

IT Security in the Snowden Era

The Edward Snowden revelations have rocked governments, global businesses, and the technology world. When we look back a decade from now, we expect this to be the biggest story of 2013. Here is our perspective on the still-unfolding implications along with IT security and risk management best practices.

Read now

The Wall Street Journal, citing a confidential U.S. government report, reported that the hackers that went after Target spoke in Russian and the attacks were part of a broader effort. Target first reported that 40 million credit and debit card accounts had been compromised. In a follow-up, Target said that 70 million people may have had their personal data compromised.

Given the attacks landed in the peak holiday shopping season, Target took a financial hit and expects that it will face more costs.

More: Cisco's annual security report offers grim outlook for 2014 | Likely candidate for Target breach malware found | Target CEO promises cybersecurity education of the masses | Cisco on major retail hacks: Point-of-sale hardware is the problem | More retailers hit by security breaches; malware found on Target's POS machines | Target's data breach: It gets worse

The U.S. government report, written with the help of iSight Partners, outlined the following:

• The attack may have ties to organized crime in the former Soviet Union.
• Target's credit card readers had been on the black market since the Spring and were partly written in Russian.
• Malware used in the attack couldn't be detected by antivirus software.

The U.S. Department of Homeland Security sent its findings to financial services and retail companies. In a blog post, iSight outlined the following but didn't release too much information.

iSight Partners, working with the U.S. Secret Service, has determined that a new piece of malicious software, KAPTOXA (Kar-Toe-Sha), has potentially infected a large number of retail information systems. A joint publication has been issued by the Department of Homeland Security, USSS, FS-ISAC and iSIGHT Partners.

Nieman Marcus is the only other retailer to note that its shopper data was compromised during the holiday.

If the iSight and Department of Homeland Security report is correct other retailers are likely to come clean about attacks and compromised customer data. In other words, you can expect a lot more apologies like Target's.