
Retail cyber-breaches: Stealthy hackers two steps ahead

The attacks on both Target and Neiman Marcus highlight the growing vulnerability of computer systems to attacks by determined and focused hackers. As Jay Foley from the ID Theft Info Source has said numerous times, “Whatever program a security specialist can develop there is another IT expert creating a malware program to bring it down.”

The Jan. 12 announcement from Neiman Marcus about its data breach was expected by certain security experts who have been talking behind closed doors. On Jan. 13, Avivah Litan, a security analyst at Gartner, confirmed that she has talked to at least two people with specific knowledge that hackers had hit several undisclosed retailers prior to Thanksgiving, perhaps testing malware programs before hitting Target.

"They had developed very specific point-of-sale (POS) malware ... I was told it was the exact same piece of malware, and since November we've been told big retailer breaches were going on," Litan explained.

Retail networks, in general, saw more malicious activity in the second half of the year, according to BitSight, whose network of sensors gathers botnet, spam, malware, and other security risk communication and maps it to specific organizations' networks.

"Since the details of these breaches have not been fully revealed, we do not know if the activity observed by BitSight was indeed the cause of the data loss. BitSight looks only at externally available data and has no access to internal network data. While we did observe increased activity during the time the breaches occurred at Target and Neiman Marcus, these companies were certainly not the worst performers in the retail sector," Sonali Shah, vice president of product at BitSight, wrote in a blog post. "SecurityRatings for other companies in this industry are lower; leaving us wondering which retailer will be hit next."

POS systems often have Internet and email access, leaving them open to attack from the outside. In other words, an employee receiving an email with an attached virus could infect the entire system, explained Jay Foley during an interview on Jan. 14.

Major card issuers tried to alert retailers about expected cybercrime activity. Last year VISA sent out several warnings about potential POS malware attacks and detailed security steps to take. On Jan. 2, US-CERT sent out an advisory warning of an increase in POS attacks, with this explanation: "Therefore malicious links or attachments in emails as well as malicious websites can be accessed and malware may subsequently be downloaded by an end user of a POS system."

There is plenty of finger-pointing and speculation as to possible solutions. Litan blames the failure of card issuers to change to smart chips in credit cards instead of magnetic strips. Smart chip technology in cards has been adopted by many other countries around the world.

David Burg from PricewaterhouseCoopers believes that part of the problem is the desire of consumers to use mobile devices and other apps to connect with various companies. “What you have is an attack surface that keeps increasing in size and complexity, making it very hard to secure,” Burg explained.

What will the future bring? “More Target-sized security breaches will happen if banks and retail stores don't start working together to further protect customers' data,” JPMorgan Chase CEO Jamie Dimon said Tuesday, Jan. 14.

Dimon, who had not publicly commented on Target's breach until Jan. 14, said he expects that banks will issue cards with more security features on them in the future. "This might be a chance for retailers and banks, for once, to work together as opposed to suing each other like we've been doing the last decade," Dimon said.
