02 Feb 2014

Target's Magstrip Mayhem – an inside job

A great white paper describing the malware used against Target is being presented at RSA 2014 by Chester Wisniewski, Sophos Senior Security Advisor, on Wednesday, February 26, 2014 from 8 to 9 AM in West Room 3006: "Buy Candy, Lose Your Credit Card – Investigating PoS RAM Scraping Malware".

After learning of their breach involving the loss of customer data, Target shut down employee and vendor remote access to two computing systems: an HR website called eHR and a database for suppliers called Info Retriever. The Wall Street Journal quoted Target's Molly Snyder as saying:

"We can confirm that the ongoing forensic investigation has indicated that the intruder stole a vendor's credentials which were used to access our system."

There are strong indications that the malware was delivered via a compromised vendor account somewhere within the invoicing systems. More to follow…
