Malware Attacks to 45 Retailers - BestCyberNews: Online News Presenter in the present world


Malware Attacks to 45 Retailers

According to RSA, a malware operation originating from Ukraine has stolen payment card and personal data from 45 small and midsize retailers. Some 50,000 cards were affected.


The malware used in these attacks is less sophisticated than what was used in the breaches at Target Corp. and Neiman Marcus and has no connection to those attacks.

The command-and-control server went offline last week. The malware scraped payment card data from infected point-of-sale (POS) systems, RSA says in a blog.

The company confirms to Information Security Media Group that 45 retailers were affected, but it declines to name those that were attacked.

Impacted companies are mostly based in the U.S., although malware infection activity has been detected in 10 other countries, RSA says.

RSA has notified the Federal Bureau of Investigation regarding the malware operation, and has been in communication with the victim companies.

The company's investigation has determined that the malware responsible for stealing payment card data is "ChewBacca," which it describes as a relatively new, private Trojan that features simple keylogging and memory-scraping functionality.

The memory scanner incorporated in "ChewBacca" operates by dumping a copy of a process' memory and searching it for card magnetic stripe data, RSA says. If a card number is found, the memory scraper extracts and logs it on the hackers' command-and-control server.

The command-and-control server's IP address is concealed. Its traffic is also encrypted and avoids network-level detection, RSA says.

"The ChewBacca Trojan appears to be a simple piece of malware that, despite its lack of sophistication and defense mechanisms, succeeded in stealing payment card information from several dozen retailers around the world in a little more than two months," RSA says in the blog.

RSA recommends retailers mitigate these types of threats by developing comprehensive monitoring and incident response capabilities. Retailers also should consider encrypting or tokenizing data at the point of capture and ensure that it's not in plain text view on their networks, RSA says.
