110 million personal data records stolen in Target hack

Target confirmed that the attackers had used malware on cash registers to steal credit card information. About 110 million personal or banking records were stolen. The vulnerabilities are known, but fixing them is expensive.

Gregg Steinhafel, CEO of the US group, revealed in an interview with the American television network CNBC that the cash registers had been infected by malicious software, confirming the suspicions of security experts after the massive data breach that was announced in mid-December. Asked about the cause of the data leak, Mr Steinhafel said: "We cannot yet appreciate its extent, but we have found that malware has been installed on our payment terminals."

Initially, Target stated that almost 40 million accounts may have been affected by the attack. But on Friday, a company representative revealed that other information, such as names, emails, addresses, and phone numbers of another 70 million customers, had also been stolen, for a total of 110 million personal and sensitive records.

RAM sniffing

The type of malicious software that targeted the company's terminals is called a RAM scraper, because it looks for transaction data in the terminal's RAM in order to intercept it. These machines are computers connected to specific devices, such as card readers and keyboards. Most of them run a version of Windows Embedded and use special software. Every time a customer inserts a card into a terminal to make a transaction, the data encoded on the card's magnetic stripe (such as the card number, cardholder name and expiration date) is transmitted with the transaction request to the application responsible for making the payments and to the payment provider with which the company is registered.

This information is encrypted when it leaves the terminal and when it circulates on the local (corporate) network. But at some point it is stored in plain text in the system's RAM. At that moment, the data can be read by malicious software installed on the computer. This apparently happened in Target's case as well.

Known attacks

Attacks against sales terminals are not a new phenomenon. But their frequency has risen over the past year, as has cyber criminals' interest in RAM-scraper malware. In early December, two security companies independently reported malware attacks targeting these devices. Target said the theft of information from its systems took place between 27 November and December 15.

Last April and August, Visa issued two security notices to all merchants about malware attacks on terminals. "Since January 2013, there has been an increase in intrusions into retail chains," Visa said in its August advisory bulletin. "Once it has entered the network, the attacker installs a malware parser for the Windows operating system with which the cash registers operate. Malware can be installed on either Back-of-the-House servers (BOH) or on any cash register to recover data from magnetic tape and RAM."

To get into the network and the cash registers, hackers can exploit security vulnerabilities. But a common method is to obtain the administrator's credentials remotely with the brute-force technique. In fact, many vendors use third-party services for their technical support. Most of the time these support companies can connect remotely to the vendors' networks, and they sometimes use passwords that are easy to guess.
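The remote-access password guessing described above leaves a recognizable trace in authentication logs: a burst of failures from one source, sometimes followed by a success. The following is an added example, not code from the article or from Visa; the log format, the sample lines, the five-minute window and the threshold of five failures are all assumptions made for illustration.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of remote-access login events (not real logs).
# Assumed line format: ISO timestamp, source IP, account, result (OK/FAIL).
SAMPLE_LOG = """\
2024-01-10T02:10:01 203.0.113.7 admin FAIL
2024-01-10T02:10:09 203.0.113.7 admin FAIL
2024-01-10T02:10:15 203.0.113.7 admin FAIL
2024-01-10T02:10:22 203.0.113.7 admin FAIL
2024-01-10T02:10:30 203.0.113.7 admin FAIL
2024-01-10T02:10:41 203.0.113.7 admin OK
2024-01-10T09:00:03 198.51.100.20 support FAIL
2024-01-10T09:00:20 198.51.100.20 support OK
"""

WINDOW = timedelta(minutes=5)   # sliding window (assumed value)
THRESHOLD = 5                   # failures per window that count as guessing


def detect_bruteforce(log_text, window=WINDOW, threshold=THRESHOLD):
    """Return alerts as (source, account, kind, timestamp) tuples."""
    failures = defaultdict(deque)  # (source, account) -> recent failure times
    alerts = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines instead of crashing the monitor
        ts = datetime.fromisoformat(parts[0])
        source, account, result = parts[1:]
        recent = failures[(source, account)]
        while recent and ts - recent[0] > window:
            recent.popleft()  # forget failures older than the window
        if result == "FAIL":
            recent.append(ts)
            if len(recent) == threshold:
                alerts.append((source, account, "bruteforce", ts))
        elif result == "OK":
            # A login right after a burst of failures is the high-priority
            # case: the guessing may have succeeded.
            if len(recent) >= threshold:
                alerts.append((source, account, "success_after_bruteforce", ts))
            recent.clear()
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(SAMPLE_LOG):
        print(alert)
```

The single mistyped password from the support account stays below the threshold and raises nothing, while the burst against `admin` raises both alert kinds.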

End-to-End encryption protection

In its announcement, Visa recommends that businesses implement better security measures against malware attacks on their networks and terminals. "We recommend using two-way authentication to access networks and process payments," said the International Credit Card Association. "Even if you are using a virtual private network (VPN), it is important to implement 2 identity authentication. In this way we create a stronger shield against keyloggers or the use of a stolen password."

Another measure that could prevent RAM-scraping attacks would be end-to-end or point-to-point encryption. This would ensure that the payment card data never appears as plain text during the payment process. But implementing this solution could require the purchase of new machines (terminals, cash registers, card readers, etc.), an investment that can be very expensive for a large distributor.

By retrieving the information contained in the credit card's magnetic stripe (track 1 and track 2), cybercriminals can completely clone the card. But they still need the PIN to withdraw money from an ATM or make illegal transactions. According to Target, in their case the PIN is encrypted at the keyboard level with the Triple Data Encryption Standard algorithm (Triple-DES or 3DES), which is commonly used in payment systems.

We warmly thank SecTeam @kouzoulos.


Written by Dimitris
