In an exclusive interview with Reuters on January 17, Andrew Komarov, IntelCrawler’s CEO said that his firm has alerted law enforcement, Visa Inc. and intelligence teams at several large banks regarding evidence of at least six more ongoing attacks on merchants across the country. The cyber security firm determined that the credit card processing systems are infected with the same type of malicious software used to infiltrate Target Inc.
This confirms other reports this week that several other retailers were breached as part of a massive attack on merchants. On Jan. 16 Homeland Security and the intelligence firm iSIGHT Partners warned merchants and financial service companies that the software used against Target had been used in a string of other breaches.
It is believed the malicious program was developed by a 17-year-old hacker whose nickname is "Ree4" and living in St. Petersburg, Russia. The teenager sold the malicious software to cybercriminals via underground websites.
John Watters, chief executive of iSIGHT Partners, said that he expects the pace of assaults on merchants to pick up. Copycats will pile on, using similar software, which can be purchased on underground forums, and similar techniques to launch attacks on retailers, he said. "They are saying: 'This is a great idea.'"
The basis for the malware code has been floating around underground cybercrime forums since at least 2005 according to Shane Shook, an executive with cybersecurity firm Cylance Inc. who has helped investigate major breaches for retailers.
Brian Krebs’s Jan. 17th blog talked about why the malware went undetected for almost three weeks. While similar to other known viruses, it wasn’t until a sharp security specialist sent it to Virustotal where it was compared to other coding. It was concluded that not a single antivirus product on the market detects the two malicious files used in the Target attack.
On the positive side it appears that finally Homeland Security, merchants and the financial industry are starting to band together.