How serious is the threat posed by cyber-attacks? Well, if the reports coming out of the United States are to be believed, then the answer is far more serious than many of us truly appreciated. Most of us will remember the cyber-attack against US retail giant Target last year. Many of us will also be aware that the data breach affected more than 40 million credit cards, compromised up to 70 million user names, email addresses and phone numbers, and cost the banks and credit unions more than $200 million. What few of us will actually appreciate is that, as serious as that cyber-attack was, the true implications of that one data breach are only now starting to be fully appreciated. The true cost of the cyber-attack against Target, according to the U.S. Department of Homeland Security, is that a further 1,000 American businesses have been, and continue to be, threatened or affected by the data breach.
In an article posted last week, the New York Times reported that the U.S. Authorities have confirmed that more than 1,000 businesses have now been affected by the cyber-attack, and that many more business customers are still at risk from criminal hackers. The Department of Homeland Security, along with the Secret Service, warned businesses at the end of July that a piece of malware, or malicious software, could still be hiding in their cash register systems. The Authorities believe criminal hackers, on the back of the Target data breach, are still able to gain access to corporate networks and install the malware in store cash register systems.
Once this malware, dubbed ‘Backoff’ by the online security fraternity, is installed, hackers are able to gather credit card data from the affected cash register systems and networks and sell the information off to foreign servers. What is worrying the Authorities is that the malware is practically impossible to detect with generic anti-virus products, unless specific searches are undertaken to locate the software. The concern, naturally, is that most businesses will not know whether they have been affected or not, and will therefore not bother to check. Consequently, the Department of Homeland Security, along with the Secret Service, the National Cybersecurity and Communications Integration Centre and their partners in the security industry, is advising companies to contact their respective antivirus and cash register vendors to see if they have been affected by the security breach.
The U.S. Authorities are remaining tight-lipped about which companies have been compromised; however, some conclusions have been drawn, as the DHS’ advisory was issued just two days after Atlanta-based United Parcel Service Inc, UPS, alerted customers that hundreds of its stores experienced a data breach sometime between January and August. The shipping company reported that IT systems discovered previously unidentified malware within its systems. Moreover, the Wall Street Journal claimed on Aug. 15 that supermarket chain Supervalu Inc, SVU, had also reported a similar data breach at 200 of its grocery and liquor stores throughout the U.S. Since these initial reports were filed, seven more companies that manage and sell in-store cash register systems have confirmed to government officials that they have each had multiple clients affected.
According to the Secret Service, the cyber-criminals are actively scanning corporate systems for remote access opportunities, and looking for vendors with remote access to a company’s systems or employees with the ability to work remotely. They are then deploying high-speed computer programmes to scroll through multiple username and password combinations until they strike lucky. The cyber-criminals are then scraping payment card data off the cash register systems and sending it back, through various hop points, to their servers abroad. The real worry for the Authorities is that millions of American consumers’ payment card details are being sold on the black market from U.S. companies which are unaware that their systems have been breached. The U.S. agencies are therefore recommending that companies segregate crucial systems, like cash registers, from corporate networks and install so-called two-factor authentication, which forces employees to enter a second, one-time password in addition to their usual credentials. They are also recommending that companies encrypt customers’ data from the moment their cards are swiped in the store.
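The password-guessing pattern described above leaves a recognisable trace in remote-access logs: a burst of failed logins from one source, often across several usernames, followed by a success. The sketch below is an added example, not code from the advisory or from any vendor; the log format, field names, addresses and thresholds are all constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample of remote-access login events (hypothetical log format).
SAMPLE_LOG = """\
2014-08-20T02:13:50 src=198.51.100.20 user=jsmith result=FAIL
2014-08-20T02:14:01 src=203.0.113.7 user=admin result=FAIL
2014-08-20T02:14:03 src=203.0.113.7 user=admin result=FAIL
2014-08-20T02:14:05 src=203.0.113.7 user=pos result=FAIL
2014-08-20T02:14:08 src=203.0.113.7 user=pos result=FAIL
2014-08-20T02:14:13 src=203.0.113.7 user=vendor result=FAIL
2014-08-20T02:14:16 src=203.0.113.7 user=vendor result=OK
2014-08-20T02:14:20 src=198.51.100.20 user=jsmith result=OK
"""

WINDOW = timedelta(minutes=10)   # assumed look-back window
MIN_FAILURES = 5                 # assumed alert threshold


def parse(line):
    """Split one event line into (timestamp, source, user, result)."""
    ts, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return datetime.fromisoformat(ts), kv["src"], kv["user"], kv["result"]


def find_guessing_then_success(log_text, window=WINDOW, min_failures=MIN_FAILURES):
    """Return one alert per successful login that follows a burst of failures."""
    recent = defaultdict(deque)  # src -> (timestamp, user) of failures in window
    alerts = []
    for line in filter(None, map(str.strip, log_text.splitlines())):
        ts, src, user, result = parse(line)
        fails = recent[src]
        while fails and ts - fails[0][0] > window:
            fails.popleft()      # forget failures older than the window
        if result == "FAIL":
            fails.append((ts, user))
        elif result == "OK" and len(fails) >= min_failures:
            alerts.append({"src": src, "user": user, "time": ts.isoformat(),
                           "failures": len(fails),
                           "users_tried": len({u for _, u in fails})})
            fails.clear()
    return alerts


if __name__ == "__main__":
    for alert in find_guessing_then_success(SAMPLE_LOG):
        print(alert)
```

An alert of this kind on a vendor or remote-worker account is a reason to check the cash register systems that account can reach, and the single mistyped password from the second source stays below the threshold.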
If you are concerned about the escalating security challenges facing your business today and would like to take precautions, then why not speak to Krypsys? Krypsys’ services are focused on helping your business assess its security posture against current and evolving security threats and educating you on the risks to which you are exposed. We have a wealth of experience in security projects in both the public and private sectors and have worked with organisations to protect high value information assets such as trading platforms, e-commerce systems, data-centres and cloud services. We also work with leading IT security vendors and specialist consultancies to close the gaps in your own IT security strategy and to assist in streamlining and prioritising your risk management spending.
Whether you’re looking for help with penetration testing and security reviews, or are looking for advice on security compliance and web security solutions, Krypsys can help you. For more information on web security solutions, please contact Krypsys on 01273 044072 or [email protected].