Last week, KrebsOnSecurity reported that investigators believe the source of the Target intrusion traces back to network credentials that Target had issued to Fazio Mechanical, a heating, air conditioning and refrigeration firm in Sharpsburg, Pa. Multiple sources close to the investigation now tell this reporter that those credentials were stolen in an email malware attack at Fazio that began at least two months before thieves started stealing card data from thousands of Target cash registers.
Stores and card processing companies have reported a steady stream of security breaches for years without a major backlash from consumers, such as those disclosed by TJX Cos in 2007 and by Heartland Payment Systems Inc in 2009.
But the latest thefts - including attacks on Target Corp and Neiman Marcus - have involved a broad set of merchants and could mark a watershed moment for security standards as calls grow for changes in the protection of consumer information.
One sign of the change is a new enthusiasm for payment cards that store customer information on computer chips and require users to type in personal identification numbers.
Security experts say the Target hack is a reminder of security problems facing many retailers that won’t easily go away: There are weaknesses in the way payment information travels between retailers and banks. There is plenty of money to be made on the black market selling stolen credit card numbers, which can go for as little as a quarter or as much as $45 each. And American companies have been reluctant to adopt smart-chip cards, a type of credit card widely used in Europe that provides better security.
Target said that from Nov. 27 to Dec. 15 hackers stole customer names, credit or debit card numbers, expiration dates and three-digit security codes for 40 million customers who had shopped in its stores. It is currently working with a forensic team from Verizon to investigate the breach, according to one person involved in the inquiry. But there was no word as to who was behind the attack, how they got in, or what the total cost to Target may be. Thursday, visitors to the retailer’s website found a site festooned in red and green save for a stark black-and-white security notice at the top. Complicating matters, Target was hit during the holiday shopping season, when fraud detection systems have a hard enough time telling legitimate transactions from fake ones.
“This is the perfect storm” for vulnerability to hackers, said Paul Kocher, president of Cryptography Research, a company that develops technologies to prevent fraud.
- Email Attack on Vendor Set Up Breach at Target
- With data vulnerable, retailers look for tougher security
- Target Struck in the Cat-and-Mouse Game of Credit Theft
- Technology firms seek government surveillance reform
- Rise of the Machines: Internet-Connected Devices
- Mystery traffic redirection attack pulls net traffic through Belarus, Iceland
- Silicon Valley Nerds Seek Revenge on NSA Spies With Coding
- Russian Cosmonauts Occasionally Infect the ISS with Malware
- Council on CyberSecurity to Revise the 20 Critical Security Controls
- Cybersecurity website reports cyberattacks at data brokers D&B, LexisNexis, Altegrity