Archive for January, 2014

Target data breach caused, in part, by stolen vendor credentials …

We’re learning more about the investigation into the Target data breach and how hackers were able to steal consumers’ credit card and personal information: Target admitted Wednesday that hackers first stole a vendor’s credentials, which is how they got access to Target’s database. 

“The ongoing forensic investigation has indicated that the intruder stole a vendor’s credentials, which were used to access our system,” Target spokeswoman Molly Snyder said in a statement quoted by Reuters.

She didn’t elaborate on the credentials taken or who the vendor was.

As we reported earlier, hackers used malware to infect the point-of-sale register and steal credit and debit card information. The data was transferred to an internal Target server and later downloaded in Russia. 

Indications are that the hackers may have gone undetected because they were “disguised” as administrators.

Brian Krebs of Krebs on Security said hackers used the user name “Best1_user” and the password “BackupU$r” to log into the shared drive at Target. A similar-sounding user name (“Best1_user”) is the administrator-level account that’s installed with IT management software.

U.S. Attorney General Eric Holder revealed at a Senate Judiciary Committee hearing this week that the U.S. Department of Justice is investigating the Target data breach. He said the department is also trying to find “any individuals and groups who exploit that data via credit card fraud.”

The Secret Service is the lead investigator on the Target data breach as well as other breaches at Neiman Marcus and Michaels.

Reuters reported the FBI has warned American retailers to prepare for more cyber attacks after discovering about 20 hacking cases over the past year that involved the same kind of malicious software used against Target.

At least three congressional panels are scheduled to hold hearings on the breaches, Reuters said.

If you’re affected by the Target data breach, make sure to request a year of free credit monitoring, which includes help in case of identity theft or credit card fraud. Here’s how to sign up

You can find a list of many more useful tips on how to protect yourself from credit card fraud and identity theft in this Public Investigator blog post

For more consumer news, viral news, tips and the occasional freebie, follow Gitte Laasby on Twitter @GitteLaasbyMJS or like her Facebook page.


Target Says Card Data Breach May Have Come Through Vendor

Target Corp. (TGT), the second-largest
U.S. discount retailer, said the theft of credit- and debit-card
data last month that affected tens of millions of customers may
have occurred through the use of a vendor’s credentials.

“We can confirm that the ongoing forensic investigation
has indicated that the intruder stole a vendor’s credentials
which were used to access our system,” Molly Snyder, a Target
spokeswoman, said today in an e-mail.

The Minneapolis-based company said in December that data
from 40 million accounts were compromised during the holiday
shopping season. Earlier this month, it said the breach affected
more people and more information than previously thought,
including personal data for as many as 70 million people
collected over several years. Target said the breach hurt
holiday sales and cut its fourth-quarter forecast for U.S.

Snyder, citing the investigation, said she had no
additional details to share.

The suspected use of a vendor’s credentials was reported
earlier today by the Wall Street Journal.

The Target hacking case was followed on Jan. 10 when Neiman
Marcus Group Ltd. said customer credit cards may have been part
of a security breach. The retailer later said about 1.1 million
cards may have been affected.

Michaels Stores Inc., the world’s largest arts-and-crafts
retailer, said on Jan. 26 that some of its customer payment-card
data may have been used fraudulently, making it the third U.S.
retailer to report such a breach since December.

To contact the reporter on this story: Cotten Timberlake in Washington

To contact the editor responsible for this story: Robin Ajello


This Week In Credit Card News–Possible Data Breach At Michaels, Thefts Not …

Michaels Warns of Possible Data Breach

Michaels Stores said it may have been the victim of an attack on its data security, making it the third major chain in a rash of assaults aimed at U.S. retailers. The company said it hasn’t determined that a breach occurred, but said it is working with federal law enforcement authorities and computer security experts to determine what happened. [The Wall Street Journal]

Data Theft Not Deterring Americans From Using Credit Cards

Most Americans have been victims of data theft, but that hasn’t stopped them from using credit cards and social media sites or shopping online. One in three Americans surveyed said they have seen fraudulent charges appear on a debit or credit card, and a quarter have had their email hacked, according to a recent poll. Only 38% of Americans have never had personal data stolen, the poll found. About 64% of the data theft victims said the experience had not deterred them from using their credit or debit cards, and 63% continued to shop online. [Chicago Tribune]

Apple Pushes Deeper into Mobile Payments

Apple is laying the groundwork for an expanded mobile payments service, leveraging its growing base of iPhone and iPad users and the hundreds of millions of credit cards on file through its iTunes stores. Apple could offer iPhone users the option to fill in credit card information automatically based on a card already registered with iTunes. [The Wall Street Journal]

The Move to EMV Credit Cards

Recent data thefts at Target and Neiman Marcus that have affected millions may force a long-overdue change to EMV credit cards. While the United States accounts for only 27% of the credit card transactions in the world, it is responsible for 47% of card fraud, according to the Nilson Report.

Banks Have Replaced 15.3 Million Cards Since Target Breach

U.S. banks have spent more than $153 million so far replacing 15.3 million debit and credit cards after the huge data heist from Target, and the numbers are only growing. As more retailers announce breaches, the price tag for banks could grow to “hundreds of millions of dollars, and possibly billions.” [Star Tribune]

Were You Charged $9.84? It Might Be Fraud

Be on the lookout for a $9.84 charge on your debit or credit card. Thieves are using stolen payment cards to make small charges that could easily go unnoticed. The charges are attributed to generic-looking websites such as, and, which claim to offer customer support services. The Better Business Bureau put out a national alert about the scam. [CNN Money]

Feds Bust Online Counterfeit Credit Card Operation

Federal authorities have arrested three Florida men for running a major online operation that printed and sold fake credit cards and debit cards, resulting in an estimated $34.5 million in fraud losses., filled orders for approximately 69,000 counterfeit cards, 35,000 holographic stickers to make the cards appear more realistic, and 30,000 state identification cards with holographic overlays. Over 3,600 parcels were shipped via the United States postal service.

Visa Posts Higher Profit as Payments Volume Rises

Visa’s fiscal first quarter profit rose 8.8% as the company recorded a rise in operating revenue and payments volume. While consumer borrowing has remained muted, spending on debit and credit cards has stayed strong as consumers migrated from cash and checks to electronic payments. [The Wall Street Journal]


Yahoo data breach causes concern

SPRINGFIELD, Mass. (WWLP) – It has happened again: another major hacking scheme, and this time, it’s affecting people globally.

Yahoo announced some of their email customers’ usernames and passwords have been stolen.

The world’s second largest e-mail service said that they believe the hackers have been able to gather personal information about the people who their email customers have recently been in contact with.

Breaches like this one have Ramon Planas of Springfield more protective of his personal information.

“Everybody has to be hesitant of where and who you give your personal information to,” Planas said. “It feels like hackers are everywhere, and our personal information is not safe any longer.”

Yahoo serves 273 million people worldwide; 81 million of those customers are here in the United States.


Attackers Target Yahoo Mail Accounts in ‘Coordinated Effort’ to Own Users


Chewbacca Point-of-Sale Malware Campaign Found in 10 Countries

Before you think that RAM scraper malware was a phenomenon specific to the Target breach, think again. A four-month-long crime spree targeting point-of-sale systems in a number of industries has been discovered; the campaign, however, is not related to the mammoth Target break-in or other recently reported hacks at Neiman Marcus or Michaels.

The malware in question is the privately sold Chewbacca Trojan, which is a two-pronged threat that uses the Tor anonymity network to hide its communication with the attackers’ command and control infrastructure. Chewbacca not only infects point-of-sale terminals with the RAM scraping malware in order to steal payment card data before it is encrypted, but also drops keylogging software onto compromised systems.

Researchers at RSA Security discovered the criminal campaign and say they have found malware samples used in 10 countries, primarily in the United States and the Russian Federation. Will Gragido, senior manager at RSA FirstWatch, the company’s research arm, said the command and control server they intercepted has been taken offline—likely by its Ukrainian handlers rather than law enforcement—putting a halt to the campaign. Gragido said the criminals had their hands on 49,330 credit card numbers and there were 24 million transaction records on the attackers’ server.

“It’s actually a mixture of industries that have been hit: some broadband providers were impacted, retailers, supermarkets, gas stations, and other associated businesses,” Gragido said. “It’s a sloppily put-together piece of code; it’s not the most sophisticated code, but it seems effective.”

The original Chewbacca samples were found in October and reported by Kaspersky Lab’s Global Research and Analysis Team in December.  While the original attack vector is not yet understood, Chewbacca’s behaviors are pretty self-evident. Chewbacca finds running processes on compromised computers, reads process memory, drops a keylogger and is able to move that information off of infected machines, said Marco Preuss, director of research for Kaspersky Lab in Europe.

The malware is a PE32 executable compiled with Free Pascal 2.7.1; its 5 MB file includes the Tor executable, which the attackers use to move data and communication between infected POS terminals and servers, and the attackers. Once executed, Chewbacca drops as spoolsv.exe into the victim machine’s startup folder and then launches its keylogger and stores all keystrokes to a log created by the malware, Preuss said. Spoolsv.exe is the same name used by the Windows Print Spooling service; the malware does so to insert itself into the startup process and maintain persistence.
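A defender can check for the persistence trick described above by flagging any `spoolsv.exe` that sits outside the Print Spooler's normal directory. The following is an added example, not code from the article, RSA or Kaspersky Lab; it assumes `C:\Windows\System32` is the only legitimate location, and the function names and sample paths are constructed for illustration.

```python
import ntpath  # Windows path rules, usable on any OS

# Assumption: the genuine Print Spooler binary lives only in this directory.
LEGIT_DIR = r"C:\Windows\System32"
TARGET_NAME = "spoolsv.exe"
STARTUP_MARKER = ntpath.join("start menu", "programs", "startup")

# Constructed inventory, e.g. image paths from a process or file listing.
SAMPLE_PATHS = [
    r"C:\Windows\System32\spoolsv.exe",
    r"c:\windows\system32\SPOOLSV.EXE",
    r"C:\Users\pos01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\spoolsv.exe",
    r"C:\Windows\System32\..\Temp\spoolsv.exe",
    r"C:\Windows\System32\svchost.exe",
    r'"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\spoolsv.exe"',
]


def _norm(path):
    """Strip quotes, collapse '..' segments and lower-case for comparison."""
    return ntpath.normpath(path.strip().strip('"')).lower()


def classify(path, legit_dir=LEGIT_DIR):
    """Return None for unrelated or legitimate paths, else a finding label."""
    p = _norm(path)
    if ntpath.basename(p) != TARGET_NAME:
        return None
    parent = ntpath.dirname(p)
    if parent == _norm(legit_dir):
        return None
    if parent.endswith(STARTUP_MARKER):
        return "startup-folder"       # the placement the article describes
    return "unexpected-location"      # same name, wrong directory


def scan(paths, legit_dir=LEGIT_DIR):
    """Return (label, original_path) findings, startup-folder hits first."""
    findings = [(classify(p, legit_dir), p) for p in paths]
    findings = [f for f in findings if f[0]]
    return sorted(findings, key=lambda f: f[0] != "startup-folder")


if __name__ == "__main__":
    for label, path in scan(SAMPLE_PATHS):
        print(f"{label:20} {path}")
```

Normalising before comparing matters: the fourth sample path looks like it is under `System32` but resolves to `C:\Windows\Temp`.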

Gragido said RSA FirstWatch had infiltrated the attackers’ original command server, which was using a Tor .onion domain for obfuscation.

“We think we caught this campaign early on,” Gragido said. “Chewbacca has not been out there very long. We’ve seen it established in a few small retailers and service providers.”

The Target breach has elevated awareness around point of sale malware, in particular RAM scrapers. Target admitted shortly before Christmas that attackers had been on its network and stolen 40 million payment card numbers from infected point of sale systems, along with the personal information of 70 million people, putting potentially 110 million at risk for identity theft and fraud.

New details emerged this week on just how burrowed into Target’s network the attackers were. Experts believe the initial compromise was a SQL injection attack that allowed the attackers access to the network. Once there, it’s apparent they took advantage of hard-coded credentials on system management software used by the retailer to set up a control server on the Target network and moved data out in batches.

“We don’t have anything from an evidentiary perspective that this is tied to Target, Neiman Marcus or Michaels,” Gragido said. “The malware is different, the attackers’ MO is different, there’s no common infrastructure or common malware. The gang behind it, we think, is a newer crop of folks with activity in Eastern Europe, but it’s hard to say.”


Boasting Better Encryption, Bug Fixes, OpenSSH 6.5 Released


DailyMotion Still Infected, Serving Fake AV Malware


Dozens of retailers and gas stations hit by data breach

Dozens of U.S. gas stations and retail stores have been hacked by Ukrainian thieves in a data breach that impacted an estimated 50,000 customers, according to a report by Bloomberg.

The data raids were described as being less sophisticated than breaches that hit retailers Target Corp. and Neiman Marcus in recent weeks. The smaller raids were discovered by RSA Security LLC, a cybersecurity company.

Here’s the report from Bloomberg:


URM probe into card data breach wrapping up

List of stores

Read the list of stores where credit and debit card information was potentially exposed to fraud here.

Spokane’s URM Stores on Thursday announced that the company is close to finishing an investigation of a credit card security breach last fall, and listed nearly 70 stores where transactions were exposed to card fraud.

The company, a co-op food distributor and payment processor serving more than 300 grocery stores in the region, did not say whether it has identified the source of the network breach. The FBI and the Secret Service continue to investigate but have made no statements about the incident.

Starting Sept. 1, card data from 67 stores in Washington, Idaho, Oregon and Montana was exposed by the breach.

The exposure continued until Nov. 24, according to a URM Stores press release.

URM first identified the existence of the breach on Nov. 25, after several area credit unions began contacting the co-op, reporting an apparent link between fraud reports and cards’ regular use at area grocery stores.

URM at the time added new security measures to prevent a similar breach in the future, company CEO Ray Sprinkle said.

The release noted the hackers could have had access to “track 2” data, which includes card number, expiration date and card verification or security number.

“For a small number of transactions the attacker may have had access to ‘track 1’ data, which contains the same data as track 2 plus the cardholder’s name,” the release said.

URM cannot identify the specific cards that were exposed, the release also said. The release also noted that URM Stores discovered the attack was similar to other breaches reported by grocery networks.

“We will be sending a letter or email to a small group of individuals where we believe track 1 data from their card was at risk and a member store could match the cardholder’s name to a mailing or email address on file,” the release said.

No phone numbers or Social Security numbers were at risk, it added.

The stores exposed during the breach included: Yoke’s Fresh Market, Super 1 Foods, Harvest Foods and Stein’s Market. The list notably excluded all Rosauers, Trading Co. and CenterPlace Market stores, which were originally considered among the chains exposed.

Many area banks and credit unions have borne the cost of replacing URM customers’ debit and credit cards. Many are also on the hook for thousands of dollars in credit card fraud involving illegal purchases made across the country with hacked card numbers.

The company also urged any cardholder who shopped at stores served by URM Stores to regularly review their card statements.
