The Target of a Phishing Scandal

2/18/2014
Last week the Target breach was linked back to network credentials that were issued to HVAC firm Fazio Mechanical Services; it is now known that those credentials were stolen in an e-mail malware attack. Fazio Mechanical Services fell victim to the malware phishing attack at least two months before the attackers stole the information of 40 million credit and debit cards from Target's POS systems, said Krebs.
 
While the data theft began on November 27, Target didn't confirm the breach until December 15, and it wasn't until December 18 that the retailer fully scrubbed the attackers' POS malware from its payment systems.
 
The phishing e-mail that compromised Fazio's systems included a Citadel Trojan, which is botnet-controlled financial malware based on the Zeus source code, according to reports on Krebs. Citadel malware can relay video recordings of all Internet sessions to its controllers, log keystrokes automatically, and capture FTP and POP3 e-mail credentials.
 
A study of banking Trojans released this week by Dell SecureWorks described Citadel's use by criminals as "ubiquitous" and said that the attackers behind the Citadel Trojan have "made concerted efforts to spread Citadel using spam campaigns and drive-by download attacks using different exploit kits." Dell SecureWorks said that it was tracking more than 900 Citadel command-and-control servers in 2013. According to the Dell SecureWorks report, the malware also packs a variety of security software evasion techniques, including "aggressive DNS filtering" to prevent infected hosts from connecting to security sites or receiving antivirus software and signature updates.
 