Sunday, February 2, 2014

Target Malware Attack!

If you have recently shopped at Target, then I am sure you have heard about the recent Malware breach, with their POS or Point of Sale systems. It has been estimated that some 40 million U.S credit card and debit card accounts were compromised by the Malware attacks.
What is malware you ask?
Malware is a malicious software that can been downloaded onto your computer, intentionally or by accident. Malware includes of viruses, worms, trojan horses, and other types of software that can damage your system or violate your privacy. Malware can be installed on your computer when you download content, or any application from the Internet, either from email or websites. For more info on Malware click here —–> Malware info.

The Target Corporation is ranked as the 3rd U.S retailer, but you would think that being such a big corporation they would have top notch security in their systems. The attack on Target has been reported to last 19 days, in that time period some 40 Million credit and debit accounts were stolen, and around 70 Million customers were compromised.
These attacks consist of mostly memory parsing, a piece of malware that infects POS systems. (for more info on memory parsing click here). Credit card swipers and cash registers are Point of Sale systems, anytime you swipe a credit card that information is read by the machine, which if infected can also be read by malware attackers. The attackers can either use that information for themselves or sell it to other cyber-criminals.
The FBI has sent out a warning to retailers explaining that they should expect more attacks like the one on Target. In a three page report that was sent out by the FBI warns retail companies that,
“They believe POS malware crime will continue to grow over the near term, despite law enforcement and security firms’ actions to mitigate it. The accessibility of the malware on underground forums, the affordability of the software and the huge potential profits to be made from retail POS systems in the United States, make this type of financially motivated cyber crime attractive to a wide range of actors.”
The interesting thing is the attack happened during the holidays, why this is interesting is because will this be there target time of the year? Will these attacks happen more often during the holidays. How will this affect the economy with everyone too afraid to shop during the holidays.  I know one thing hearing the words “Credit or Debit” when checking out may be a thing of the past.


One thing is for sure, with all these attacks Security companies will be getting a flow of clients.
So what are some of the things that the home user can do to avoid such things.
1. Don't click on any links that are unrecognized or from somebody you don't know, especially in emails.
2. Never download a program that you don't need or ask for.
3. Install network monitoring tools, like WireShark or Microsoft Network Monitor (both are free, and easy to use)
4. Install a Malware protection program like Malwarebytes.
5. Smart surfing, don’t search for sites that could be dangerous. ( List provided here for dangerous sites)
Also a bonus, here is a safe browser extension that is community based. Each time someone goes to a dangerous site they can mark it as such, and the extension will automatically catalog that domain as a dangerous site. So anyone who has the extension will be alerted when they go to any untrusted or dangerous site. Extension available in the Chrome store and at there website here, WOT

No comments:

Post a Comment