Target Malware Origin Details Emerge

Kaptoxa POS malware cited as culprit behind sophisticated, two-stage operation that moved 11 GB of stolen Target data via FTP to a hijacked server in Russia.

Kaptoxa malware infected Target POS machines, security researchers say.
Kaptoxa malware infected Target POS machines, security researchers say.

Comment  | 
Print  | 
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
2/12/2014 | 12:27:16 PM
Re: Via FTP to Russia
Preach it, brother!  You are right on (...err...) target!
User Rank: Apprentice
1/20/2014 | 12:50:35 PM
How was Target breached?
"After somehow hacking into Target and infecting POS terminals with Kaptoxa..." - this is a very important piece of the puzzle. Does anyone know details on how the hackers breached the perimeter to get the malware onto the POS systems?


User Rank: Ninja
1/19/2014 | 8:35:43 AM
Via FTP to Russia
At what point did Target IT think that allowing any data to go outside its own network is ever needed except for very few gateways to payment processors? And at what point did Target IT think that transferring anything via FTP from secured networks is ever a good idea or needed? Was there ever a review of what data came from where and went to where on a regular (means daily) basis?

At the point the ports were opened (if they were closed to begin with) and at latest when the transfer started all alarms should have rung at the top brass IT offices. It is easy to blame the handful of criminals who surely are culprits, but the grossly negligent indifference of Target IT is as bad. Does anyone investigate those fools?

It is sad when the local store security is better than the network security at corporate. Stealing millions of CC numbers is apparently easier than shoplifting a pack of gum.
Register for Dark Reading Newsletters
White Papers
Current Issue
Five Emerging Security Threats - And What You Can Learn From Them
At Black Hat USA, researchers unveiled some nasty vulnerabilities. Is your organization ready?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
According to industry estimates, about a million new IT security jobs will be created in the next two years but there aren't enough skilled professionals to fill them. On top of that, there isn't necessarily a clear path to a career in security. Dark Reading Executive Editor Kelly Jackson Higgins hosts guests Carson Sweet, co-founder and CTO of CloudPassage, which published a shocking study of the security gap in top US undergrad computer science programs, and Rodney Petersen, head of NIST's new National Initiative for Cybersecurity Education.