110 Million Personal Records Stolen in the Target Hack

Target confirmed that the attackers had used malware on cash registers to intercept credit card data. About 110 million items of personal or banking information were stolen. The weaknesses are well known, but fixing them is expensive.

Gregg Steinhafel, CEO of the US Target group, revealed in an interview with CNBC, the US television network, that cash registers were infected by malware, confirming the suspicions of security experts after the massive data breach that was announced in mid-December. Asked about the cause of the data leak, Mr Steinhafel said: "We cannot yet appreciate its extent, but we have found that malware has been installed on our payment terminals."

Initially, Target stated that almost 40 million accounts may have been affected by the attack. But on Friday, a company representative revealed that other information, such as the names, emails, addresses, and phone numbers of another 70 million customers, had also been stolen, bringing the total to 110 million items of personal and sensitive data.

RAM sniffing

The type of malicious software that targeted the company's terminals is called a RAM scraper, because it searches the terminal's RAM for transaction data in order to intercept it. These machines are computers connected to specific devices, such as card readers and keypads. Most of them run a version of Windows Embedded and use special software. Each time a customer places a card in a terminal to make a transaction, the data encoded on the card's magnetic stripe, such as the card number, cardholder name and expiration date, is transmitted with the transaction request to the application responsible for payments and to the payment processing provider the company is registered with.

This information is encrypted when it leaves the terminal and when it travels over the local (corporate) network. But at some point it is held in plain text in the system's RAM. At that moment, the data can be read by malicious software installed on the computer. This is apparently what happened on Target's systems as well.

Known attacks

Attacks against point-of-sale terminals are not a new phenomenon. But their frequency has risen in the past year, as has cybercriminals' interest in RAM scraper malware. In early December, two separate reports, made independently of each other, had described malware attacks targeting these devices. Target said the theft of information from its systems took place between November 27 and December 15.

Last April and August, Visa issued two security notices to all merchants about malware attacks on terminals. "Since January 2013, there has been an increase in intrusions into retail chains," Visa said in its August advisory bulletin. "Once it has entered the network, the attacker installs a malware parser for the Windows operating system with which the cash registers operate. Malware can be installed either on Back-of-the-House (BOH) servers or on any cash register to recover data from magnetic tape and RAM."

To get into the network and the cash registers, hackers can exploit some security vulnerabilities. But a common method is to obtain the administrator's credentials remotely with the brute-force technique. In fact, many merchants use third-party companies for their technical support. Most of the time these support companies are able to connect remotely to the merchants' networks, and sometimes they use passwords that are easy to guess.

End-to-End encryption protection

In its announcement, Visa recommends that businesses implement better security measures against malware attacks on their networks and terminals. "We recommend using two-factor authentication to access networks and process payments," said the international credit card association. "Even if you are using a virtual private network (VPN), it is important to implement two-factor authentication. In this way we create a stronger shield against keyloggers or the use of a stolen password."

Another measure that could prevent RAM scraping attacks would be the adoption of end-to-end or point-to-point encryption. This would ensure that the payment card data never appears as plain text during the payment process. But applying this technology could require the purchase of new machines (terminals, cash registers, card readers, etc.), an investment that can be very expensive for a large retailer.

By retrieving the information contained in the card's magnetic stripe, both track 1 and track 2, cybercriminals can completely clone the card. But they still need the PIN to withdraw money from an ATM or make illegal transactions. According to Target, in their case the PIN is encrypted at the keypad level with the Triple Data Encryption Standard algorithm (Triple-DES or 3DES), which is commonly used in payment systems.

 

We warmly thank SecTeam @kouzoulos.

 


Written by Dimitris
