RAM scraper malware
After Target’s CEO admitted that the malware behind the massive data breach was found on POS registers in Target stores, Duck explained that POS malware called a RAM scraper scoops up the unencrypted card data during the split-second when it’s vulnerable: while it’s being processed at the register.
“RAM scraping works because payment card data is often also unencrypted in memory (RAM) in the POS register
According to our research, RAM scrapers go back as far as 2009, but they have become more sophisticated and professionalized. SophosLabs detects this kind of malware under the family name Trackr (e.g., Troj/Trackr-Gen, Troj/Trackr-A).
“One of the earliest serious POS RAM scraper attacks that we observed was back in November 2011 when we found that a university and several hotels had their POS systems compromised,” Numaan writes. “Later we saw varied targets including an auto dealership in Australia infected with Trackr.”
Credit card risk
After two people in Texas were arrested for using fraudulent credit cards with numbers stolen from the Target financial data breach, some might have felt relief that police had found the bad guys. According to police, two crooks nabbed at the U.S.-Mexican border used cards containing stolen account information from Target shoppers in South Texas to purchase goods at national retailers in the area.
But the two alleged crooks were only pawns in this cyber scheme, the final actors in a scam that starts with a virus planted on a POS register and ends up costing customers in fraudulent charges; and in the case of these two crooks, possibly their freedom. The chess masters behind the scheme will be much harder to track down.
As Chet Wisniewski, Senior Security Advisor at Sophos, explained in an interview with the Associated Press, the hackers who created the malware used in the Target attack are at little risk of being busted. “Keep in mind, it isn’t illegal to write these kind of codes, just to use them,” Chet says. “And selling [malware] is a lot less risky than taking [stolen] cards into an Apple store.”
Keeping safe
It’s a scary thought that anyone who uses a credit card or debit card is at risk of data theft and fraud. However, the same is true of anyone who uses a computer, mobile device, or other connected device.
Our security experts at SophosLabs and Naked Security are always on duty to offer security tips and advice. But one of the best pieces of advice we can give is evergreen: everyone should follow computer security best practices. And consumers should proactively monitor their accounts so they don’t become victims of credit or identity theft.