Brian Krebs: ‘A First Look at the Target Intrusion, Malware’

Brian Krebs:

Target has yet to honor a single request for comment from this publication, and the company has said nothing publicly about how this breach occurred. But according to sources, the attackers broke in to Target after compromising a company Web server. Somehow, the attackers were able to upload the malicious POS software to store point-of-sale machines, and then set up a control server within Target’s internal network that served as a central repository for data hoovered by all of the infected point-of-sale devices.

“The bad guys were logging in remotely to that [control server], and apparently had persistent access to it,” a source close to the investigation told KrebsOnSecurity. “They basically had to keep going in and manually collecting the dumps.”

In what I suspect is not a coincidence, my wife’s credit card, which she used at Target once during the compromised window, was used for fraudulent purchases two days ago.

Thursday, 16 January 2014