Data Storage Today

CIO Today Network Sites:   Top Tech News  |   CIO Today   |   Mobile Tech Today   |   Data Storage Today
News & Information for Data Storage Professionals
Vblock™ Systems:
Advanced converged infrastructure
increases productivity & lowers costs.

www.vce.com
Thursday, April 24th 
Next Generation Data Center Is Here!
Trending Topics:   Security Heartbleed Big Data Cloud Computing Windows XP Data Centers OS X Mavericks
Home
Data Centers
Storage Solutions
Storage Networks
Data Storage Issues
Data Security
DST Press Releases
 
Free Newsletters
Top CIO News
 
Mobile Tech Today
 

Network Security

Target Malware Allegedly Written by Russian Pair

Target Malware Allegedly Written by Russian Pair
January 20, 2014 2:10PM

Bookmark and Share
BlackPOS was first developed in March of last year, according to IntelCrawler, and its original name was Kaptoxa, Russian slang for a potato. The security firm said more than 40 builds of the malware used in the Target hack have been sold for about $2,000 each to cybercriminals in Eastern Europe and other countries.

Neustar, Inc. (NYSE: NSR) is a trusted, neutral provider of real-time information and analysis to the Internet, telecommunications, information services, financial services, retail, media and advertising sectors. Neustar applies its advanced, secure technologies in location, identification, and evaluation to help its customers promote and protect their businesses. More information is available at www.neustar.biz.

A security firm has identified two Russians as the creators of the malware behind the attack on Target that netted personal information on as many as 110 million Target customers. But the firm has also said that the attack, and possibly additional attacks, appears to have been carried out by others.

IntelCrawler, a security firm headquartered in Sherman Oaks, Calif., issued a statement on Friday that the identified BlackPOS malware may have also been used against as many as six other retailers. Recent news reports indicate that retailer Neiman Marcus has also suffered a security breach, and the U.S. Department of Homeland Security has warned about similar attacks targeting individual point-of-sale terminals.

KAPTOXA Malware

On Thursday, security company iSIGHT Partners, working with the U.S. Secret Service, announced it has determined that a new malicious software, called KAPTOXA and pronounced Kar-Toe-Sha, "has potentially infected a large number of retail information systems."

In a joint statement by Homeland Security, the Secret Service, the Financial Services Information Sharing and Analysis Center (FS-ISAC) and iSIGHT Partners, the organizations said that any company or institution with a point-of-sale system "may be at risk." A copy of the report is available from iSIGHT Partners.

On Friday, researchers at IntelCrawler first said the age of the BlackPOS malware author was about 17, that he often employs the username "ree4," and that he is based in St. Petersburg. The teen, whom they identified as Sergey Tarasov, is allegedly known in the underground as a prolific creator of malware.

The company also said it had determined that BlackPOS was first developed in March of last year, and that its original name was Kaptoxa, Russian slang for a potato. The security firm said more than 40 builds of the malware have been sold for about $2,000 each to cybercriminals in Eastern Europe and other countries, including underground shops that sell hacked credit cards.

Shibaev and Tarasov

Following its initial fingering of Tarasov, IntelCrawler subsequently revised its identification of ree4 as being Rinat Shibaev, who they said worked closely with "his technical support" Tarasov.

The revision came after Internet security blogger Brian Krebs, an ex-reporter for the Washington Post who was instrumental in bringing the Target hack to light, raised questions about whether IntelCrawler had correctly identified the person behind the software.

IntelCrawler has said that, while the two identified Russians appear to have created the software, the actual attack was carried out by some of their customers, who purchased the malware.

According to IntelCrawler, the attackers were able to plant their BlackPOS malware because the retailers' terminals used default passwords that could readily be guessed.

The economic impact of these security breaches at the retailers could be huge, according to some analysts, because these thefts of vast amounts of personal data could result in a tidal wave of class-action lawsuits, in addition to the actual theft resulting from the thieves' use of the information.

Tell Us What You Think
Comment:

Name:

GoodOldCommonSense:

Posted: 2014-01-22 @ 11:04am PT
They deserve the tidal wave of class-action lawsuits for leaving default passwords. The lawsuits should also target device manufacturers who could, with a little bit of foresight, not equip their devices with default passwords and instead generate a random one for the user on first time installation of the device.



 Network Security
1. Lessons from Verizon's Threat Report
2. Verizon Report Exposes Cyberthreats
3. How Are Web Sites Post-Heartbleed?
4. White House Updating Privacy Policy
5. Target Hackers May Be Tough To Find




 Most Popular Articles
1. Intel Bets on Cloudera for Big Data Analytics
2. SAP HANA Data Warehouse App Gets Faster Analytics
3. Fast Seagate 6 TB Drive Offered for Enterprise Data Centers
4. Resetting All Passwords Now May Be Worst Heartbleed Fix
5. ManageEngine Plug-In Monitors Data Center Security

Have an informed opinion on this story?
Send a Letter to the Editor.
We want to know what you think.
Send us your Feedback.

 Related Topics  Latest News & Special Reports

  Lessons from Verizon's Threat Report
  Officials Reveal Microsoft Data Center
  Verizon Report Exposes Cyberthreats
  Samsung Data Center Catches Fire
  Heartbleed Exploit Could Cost Millions

 Technology Marketplace
Business Intelligence
Get real-time, cloud-based information services with Neustar.
 
Cloud Computing
Next Generation Data Center Is Here! Vblock™ Systems from VCE
 
Contact Centers
HP delivers the future of the contact center with HP Qfiniti 10.
 
Data Storage
Next Generation Data Center Is Here! Vblock™ Systems from VCE
Barium Ferrite (BaFe) is the future of tape.
2.5" Enterprise-class SATA & SAS SSDs for server & storage applications
 
Enterprise Hardware
Barium Ferrite (BaFe) is the future of tape.
2.5" Enterprise-class SATA & SAS SSDs for server & storage applications
 
Hardware
Protect your network with APC Smart-UPS battery backup
 
Network Security
Protect your network with APC Smart-UPS battery backup
 

Network Security Spotlight
What Verizon's Data Breach Report Can Teach Enterprises
It’s probably not a jaw-dropper, but cyberespionage is officially on the rise. And the use of stolen or misused credentials is still the leading way the bad guys gain access to corporate information.
 
Top Cyberthreats Exposed by Verizon Report
Beyond Heartbleed, there are cyberthreats vying to take down enterprise networks, corrupt smartphones, and wreak havoc on businesses. Verizon is exposing these threats in a new report.
 
Where Do Web Sites Stand, Post-Heartbleed?
A security firm says the vast majority of Web sites have patched themselves to protect against the Heartbleed bug, but now there are questions raised on the reliability of open-source programs.
 
Navigation
Data Storage Today
Home/Top News | Data Centers | Storage Solutions | Storage Networks | Data Storage Issues | Data Security | DST Press Releases
Also visit these Enterprise Technology Sites
Top Tech News | CIO Today | Mobile Tech Today | Data Storage Today

Services:
FreeNewsFeed | Free Newsletters | XML/RSS Feed

About CIO Today Network | How To Contact Us | Article Reprints | Services for PR Pros (In partnership with NewsFactor) | Top Tech Wire | How To Advertise

Privacy Policy | Terms of Service
© Copyright 2000-2014 Data Storage Today. All rights reserved. Article rating technology by Blogowogo. Member of Accuserve Ad Network.