Target Confirms Point-of-Sale Malware Was Used In Attack

wiredmikey writes "According to Target Chairman and CEO Gregg Steinhafel, point-of-sale (POS) malware was used in the recent attack that compromised millions of credit and debit card account numbers of customers across the country. Steinfhafel told CNBC's Becky Quick in an interview that malware was used in attacks that compromised the company's point of sale registers. According to a report from Reuters, Target and Neiman Marcus may not be alone, as other popular U.S. retailers may have been breached during the busy the holiday shopping season. According sources who spoke to Reuters, attackers used RAM scraper, or Memory parser malware to steal sensitive data from Target and other retail victims. Visa issued alerts about attacks utilizing these types of malware in April 2013 and again in August 2013. Memory parser malware targets payment card data being processed 'in the clear' (unencrypted) in a system's random access memory (RAM). 'The malware is configured to hook into a payment application binary responsible for processing payment transactions and extracts the systems memory for full track data,' Visa explained in a security advisory."

Re:Cheap architecture + short cuts = DOOM

[i.r.id10t]

I'm sure it all looked great, until this happened, then they get 200% more wise.

Experience is learning from mistakes you make

Wisdom is learning from the mistakes other people make

Re:Inside job?

[houstonbofh]

This one is my favorite. Why any retailer is running Windows on a POS PC is beyond anyone that knows how computers work. It should be illegal.

GEtting PCI compliance certification is not cheap, and you need it if you want integrated payment. So far, not a lot of open source POS systems are lining up to pay for certification...

Re:use bitcoin

[DickBreath]

Maybe instead, there is something Target should NOT have used in their store POS systems.

http://www.microsoft.com/casestudies/Case_Study_Detail.aspx?CaseStudyID=4000009407