Weekly News Roundup: February 7, 2014

Some news highlights from the past week, including another strain of POS malware infecting merchants around the world, a new clue in the Target breach, and a hacker called ‘Rescator’ who has become the Keyser Söze of the Internet.

SC Magazine – Researchers Discover New Point-of-Sale Malware, JackPOS
Researchers with cyber intelligence company IntelCrawler have discovered a new breed of POS malware known as JackPOS, which is said to have code similar to the RAM-scraping POS malware known as Alina. The JackPOS malware has a very low detection rate, according to IntelCrawler, which added that the first compromised victims began appearing around Feb. 6 in the United States, Brazil, Korea and other locations. According to the researchers, it is distributed through drive-by download attacks and by manual planting after successful brute forcing of remote access channels (Remote Desktop Protocol, VNC, PC Anywhere).

Krebs on Security – Target Hackers Broke in Via HVAC Company
A major new clue in the Target hacking case has emerged. Last week, Target told reporters that the initial intrusion into its systems was traced back to network credentials that were stolen from a third party vendor. Sources now say that the vendor in question was a refrigeration, heating and air conditioning subcontractor that has worked at a number of locations at Target and other top retailers: Fazio Mechanical Services, a Sharpsburg, Penn.-based provider of refrigeration and HVAC systems. It’s not immediately clear why Target would have given an HVAC company external network access, or why that access would not be cordoned off from Target’s payment system network.

McClatchy DC – Digital Underground Believed to be Behind Attack on Target
Who is Rescator? The answer to that question may lead investigators to the person believed to be responsible for the breach at Target, along with the other associates believed to have worked with him in the operation. Following a trail of clues on the cyber underground has led Brian Krebs and two security companies (IntelCrawler and CrowdStrike) to a small group of individuals believed to have been the masterminds behind the Kaptoxa malware, the Target breach, and possibly attacks on several other retailers used as test cases.