Homeland Security Warns Retailers of ‘Sophisticated Malware’

MINNEAPOLIS -- The U.S. Department of Homeland Security is warning retailers to be on the lookout for sophisticated malware that may have already affected a large number of stores.

The warning follows massive breaches suffered by customers shopping at Target Corp. -- which compromised credit card numbers and other personal information for 110 million customers -- and at The Neiman Marcus Group.

The sophisticated malware currently affecting retailers primarily infects point-of-sale (POS) devices. Hackers obtain names, addresses and email addresses for customers, which they can generally sell for great financial gain at a later date.

Once a POS device is infected, the malware monitors data processed on the device, transmits that data outside the retailer, and then quickly deletes these records so investigators cannot determine the source of the hack.

It is extremely difficult for retailers to prevent a malware attack. Some experts believe chip-and-PIN cards, which will be used more frequently in the United States once retailers switch to new POS systems under Europay, MasterCard and Visa (EMV) guidelines beginning in 2015, could have prevented the Target data breach. But other cybersecurity experts disagree.

As for the Target breach, which compromised customers who shopped at the retailer's locations between Nov. 27 and Dec. 15, the hack clearly could have been an inside job, Dwayne Melancon, chief technology officer at data security firm Tripwire, told CSNews Online.

"The fact seems to indicate that the compromise came from deep inside Target's network and implies that the attackers had detailed knowledge of Target's infrastructure, as well as its patching and software deployment practices," he said. "This knowledge would allow them to craft an attack designed to take advantage of specific blind spots in Target's security infrastructure."

This "insider" knowledge could have come from a current Target employee or, more likely, a past employee or trusted business partner, Melancon added.

According to CNN Money, the Department of Homeland Security did not make its malware warning public and provided little information on its content. The government division worked with Dallas-based cybersecurity expert iSight Partners Inc. to craft the secret report.

"What's really unique about this one is it's the first time we've seen the attack method at this scale," Tiffany Jones, a senior vice president at iSight, told The Wall Street Journal. "It conceals all the data transfers. It makes it really hard to detect in the first place."
