2 More Breaches Linked to Target?
Verizon Investigates More Retailer AttacksVerizon Communications Inc. is looking into two apparent retail breaches that may be linked to recent high-profile incidents, including the Target Corp. breach.
See Also: Forrester Report: Palo Alto Networks: A Leader in Cybersecurity IR Services
Bryan Sartin of Verizon's Enterprise Solutions unit told the Wall Street Journal he couldn't disclose the names of the two retailers. But during the RSA Conference 2014, Gartner analyst Avivah Litan told Information Security Media Group the two retailers were reportedly located in Europe and the U.S., and she's not convinced they are the same attacks being investigated by Verizon.
Verizon spokeswoman Marie McGehee tells Information Security Media Group that the company will not offer details about incidents involving clients, especially when security issues are involved. She also would not confirm whether the affected retailers were located in the U.S. and Europe. "We don't comment on rumor and speculation," she says.
But Dan Clements of cyber-intelligence and retail malware research firm IntelCrawler says his company determined in January that the malware strain known as BlackPOS had infected retailers with Internet protocol addresses managed by Verizon.
"Some of those IP addresses were in the BlackPOS infections," Clements said in an interview with Information Security Media Group at the RSA conference. "These IP addresses were under Verizon, so that could be why they are investigating."
BlackPOS has been linked to numerous retail breaches and may have been involved in the Target compromise.
On Jan. 20, in the wake of the Target attack, IntelCrawler reported that at least six more retailers had likely been compromised by POS malware (see 6 More Retailers Breached?).
Connections to Other Attacks?
Clements could not say whether any of the attacks it had tracked were linked to other recent breaches, such as Target. But Verizon's Sartin told the Wall Street Journal connections to other incidents are likely.
"We've been brought into other situations as the investigator," Sartin told the Journal. "The findings already substantiate a very real link between these later situations and something that recently happened."
The comment from Sartin could be a reference to the Target or Neiman Marcus breaches, both of which involved malware used to compromise payment card data of the stores' customers.
(News writer Jeffrey Roman contributed to this story).