TRENDING:

RSA: Malware Impacts 45 Retailers

No Connection with Target, Neiman Marcus Breaches Jeffrey Roman (gen_sec) • January 31, 2014    
RSA: Malware Impacts 45 Retailers

Security vendor RSA has uncovered a point-of-sale malware operation originating from the Ukraine that has stolen payment card and personal data from 45 small and midsize retailers. Some 50,000 cards were affected, RSA says.

See Also: OnDemand | Realities of Choosing a Response Provider

The malware used in these attacks is less sophisticated than what was used in the breaches at Target Corp. and Neiman Marcus and has no connection to those attacks, an RSA spokesperson tells Information Security Media Group.

Beginning Oct. 25 and ending the last week of January, when the command-and-control server went offline, the malware scraped payments card data from infected POS systems, RSA says in a blog.

The company confirms to Information Security Media Group that 45 retailers were affected, but it declines to name those that were attacked.

Impacted companies are mostly based in the U.S., although malware infection activity has been detected in 10 other countries, RSA says.

RSA has notified the Federal Bureau of Investigation regarding the malware operation, and has been in communication with the victim companies, the blog says.

ChewBacca Malware

The company's investigation has determined that the malware responsible for stealing payment card data is "ChewBacca," which it describes as a relatively new, private Trojan that features simple keylogging and memory-scraping functionality.

The memory scanner incorporated in "ChewBacca" operates by dumping a copy of a process' memory and searching it for card magnetic stripe data, RSA says. If a card number is found, the memory scraper extracts and logs it on the hackers' command-and-control server.

The command-and-control server's IP address is concealed. Also, traffic is encrypted and it avoids network-level detection, RSA says.

"The ChewBacca Trojan appears to be a simple piece of malware that, despite its lack of sophistication and defense mechanisms, succeeded in stealing payment card information from several dozen retailers around the world in a little more than two months," RSA says in the blog.

RSA recommends retailers mitigate these types of threats by developing comprehensive monitoring and incident response capabilities. Retailers also should consider encrypting or tokenizing data at the point of capture and ensure that it's not in plain text view on their networks, RSA says.

Previous
Yahoo: Malware Prompts Password Reset
Next
Insurer Sued Over Data Breach

About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.



Around the Network

Identity Security and How to Reduce Risk During M&A
Identity Security and How to Reduce Risk During M&A
Why Health Firms Struggle with Cybersecurity Frameworks
Why Health Firms Struggle with Cybersecurity Frameworks
Protecting Medical Devices Against Future Cyberthreats
Protecting Medical Devices Against Future Cyberthreats
How 'Security by Default' Boosts Health Sector Cybersecurity
How 'Security by Default' Boosts Health Sector Cybersecurity
Evolving Threats Facing Robotic and Other Medical Gear
Evolving Threats Facing Robotic and Other Medical Gear
Is It Generative AI's Fault, or Do We Blame Human Beings?
Is It Generative AI's Fault, or Do We Blame Human Beings?
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
How the NIST CSF 2.0 Can Help Healthcare Sector Firms
Transforming a Cyber Program in the Aftermath of an Attack
Transforming a Cyber Program in the Aftermath of an Attack
Medical Device Cyberthreat Modeling: Top Considerations
Medical Device Cyberthreat Modeling: Top Considerations
Safeguarding Critical OT and IoT Gear Used in Healthcare
Safeguarding Critical OT and IoT Gear Used in Healthcare

Continue »

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing databreachtoday.com, you agree to our use of cookies.