Tuesday, January 14, 2014

Scraping Memory

Earlier this week, we finally found out what sort of attack resulted in security breaches at Target and several other retailers. It appears to have been a type of software known as a "memory scraper," which reads data from live memory. This allows the attacker to view the data in the clear, before it is encrypted or after it has been decrypted, at the point where the computer or PoS (Point of Sale) terminal has to process it.

Several security researchers have commented on how vociferously Target had insisted that the data on its hard drives had been encrypted using strong encryption. Memory scrapers are an attack vector that can bypass on-disk encryption techniques.

Reuters reports:

Visa Inc issued two alerts last year about a surge in cyber attacks on retailers that specifically warned about the threat from memory parsing malware.
...
It was not clear whether Target's security team had implemented the measures that Visa had recommended to mitigate the risks of being attacked.

Yet a law enforcement source familiar with the breach said that even if the retailer had implemented those steps, the efforts may not have succeeded in stopping the attack.

Last week, Target admitted that its security breach compromised on the order of 110 million cards, which puts it in the top tier of such security breaches.

While the people responsible for the Target hack have not been identified, Krebs identified one person who has been selling credit card numbers that were stolen from Target.

UPDATE: CNET has an interesting article where Target describes the reasons for the delay in notification about a breach that was discovered on Dec 15. It amounts to "we were trying to get ready for the storm."
