Amid Target breach fallout, a focus on malware’s rise (Part 1)

by Charles Leaver

March 6, 2014


Target has been caught in the eye of a storm of public scrutiny ever since news surfaced that between Nov. 27 and Dec. 15, 2013, credit and debit card data for 40 million customers was exposed in a breach of the store's security infrastructure. And the breach did not stop there. Other personal information, including phone numbers and addresses, was compromised for an additional 70 million customers, bringing the total number of people affected to 110 million, or about one third of the country's population.

But the recent news of Target's CIO stepping down will not help solve the problem of malware's growing threat - a threat that needs to be addressed now more than ever with better endpoint data protection among businesses and individuals.

Within cybercrime, a move toward unity and cohesion

The stereotypical image of the hacker is that of a person pounding away alone, their activities a study in socially detached behavior. But as the details of the Target attack indicate, hacking is hardly a lone-wolf effort.

Before the Target attack even happened, security researchers at IntelCrawler posed as cybercriminals on online forums in order to preemptively identify the point of origin of various malware attacks. Far from being closed-off shut-ins, it turned out that malware authors were eager to engage socially and talk about their work. One in particular was especially forthcoming about malware he had put together that was designed to attack point-of-sale systems.

"It grabs dumps from memory," the author explained to the IntelCrawler representatives, who were disguised by an alias. "You need standalone Point-of-Sales terminals with monitors and Windows."

These explicit instructions were then followed by a cash pitch: $2,000 for access to the malware. It was this malware that was eventually bought and put to use against Target, resulting in one of the most devastating data breaches of all time. The company is still coping with the repercussions of the attack, and will be for the indefinite future.

What surprised the researchers at IntelCrawler was the identity of the malware author, which they discovered via social media platforms. The culprit was hardly a James Bond villain. Instead, he was a Russian teenager whose social media page revealed a slight, fair-haired kid playing the guitar. The youth and presumable inexperience of the malware author did little to help Target's reputation on the global stage.