Target XPoSed | TechSNAP 145

Real insight into how Target was hacked is coming to light; we give you the technical details behind the massive breach.
Plus: researchers disclose more than 150 0-day flaws in SCADA systems, a great batch of your emails, and much, much more!

On this week’s TechSNAP!


— Show Notes: —

Target credit card intrusion used PoS malware

  • After the breach that exposed roughly 40 million payment-card accounts and the personal details of up to 70 million Target customers, details of the attackers' methodology have finally come out
  • The attackers managed to install malware on the point-of-sale (POS) terminals used in the checkout lines at the stores
  • A number of other retailers were reportedly targeted and breached as well, but have not yet been named
  • An unidentified source told Krebs that the Windows share name “ttcopscli3acs” matches the sample analyzed by the public malware-scanning site. The thieves used the user name “Best1_user” to log in and retrieve the stolen card data; their password was “BackupU$r”
  • The class of malware Krebs identified is often referred to as a memory (RAM) scraper, because instead of attacking the card network it reads the process memory of the POS terminals used by retailers
  • Magnetic-stripe track data sits briefly in cleartext in the terminal's memory between the swipe and encryption for transmission; by capturing it there the attackers obtain everything needed to encode cloned cards and use them for purchases or other transactions
  • The POS systems used at Target appear to be embedded systems running custom software on top of Windows XP
  • Target’s Canadian stores (recently acquired from Hudson’s Bay Company, the oldest commercial corporation in North America, in continuous operation for over 340 years) use POS devices from Retalix. According to sources, the Retalix POS systems will be rolled out to U.S. Target locations gradually at some point in the future
  • PDF analysis of the malware file
  • US-CERT has issued an advisory (Alert TA14-002A) about the technique
  • Additional Coverage
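The scraping step described above, as an added example that is not from the episode, from Krebs' analysis, or from the malware itself: a Python scanner that walks a memory buffer looking for ISO 7813 track 1 and track 2 patterns and keeps only hits whose PAN passes the Luhn check. This is the same search a memory scraper runs against the checkout process; pointed at a dump of a POS application's memory it also serves as a defender's quick check of whether cleartext track data is resident at all. The memory image, cardholder name and card numbers (the standard 4111... and 5555... test PANs) are constructed for the example; `find_track_data`, `scan_report` and `mask_pan` are names chosen here.

```python
import re

# Constructed sample "memory image": filler bytes around two valid track
# strings and one decoy that fails the Luhn check. Made-up test data, not a
# dump from any real terminal; the PANs are the standard test numbers.
SAMPLE_MEMORY = (
    b"\x00\x17MSR_READ_OK\x00" * 3
    + b"%B4111111111111111^DOE/JOHN^1512101000000000000000?"
    + b"\x00\xff" * 8
    + b";5555555555554444=15121011000012345678?"
    + b"\x00log: cart total 42.17\x00"
    + b";4111111111111112=1512101?"  # decoy: right shape, wrong checksum
)

# ISO 7813 track layouts as they sit in memory right after a swipe.
# Track 1: %B<PAN>^<NAME>^<YYMM><service code><discretionary>?
TRACK1 = re.compile(
    rb"%B(\d{13,19})\^([A-Z ./]{2,26})\^(\d{2})(\d{2})(\d{3})([^?]{0,40})\?")
# Track 2: ;<PAN>=<YYMM><service code><discretionary>?
TRACK2 = re.compile(rb";(\d{13,19})=(\d{2})(\d{2})(\d{3})(\d{0,30})\?")


def luhn_ok(pan: str) -> bool:
    """Mod-10 check; weeds out digit runs that merely look like a PAN."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def mask_pan(pan: str) -> str:
    """Keep first six and last four only, the most PCI DSS lets a report show."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def find_track_data(buf: bytes) -> list[dict]:
    """Return every Luhn-valid track 1/2 record in buf, in offset order."""
    hits = []
    for m in TRACK1.finditer(buf):
        pan = m.group(1).decode()
        if luhn_ok(pan):
            hits.append({"track": 1, "offset": m.start(), "pan": pan,
                         "name": m.group(2).decode().strip(),
                         "expiry": m.group(4).decode() + "/" + m.group(3).decode(),
                         "service_code": m.group(5).decode()})
    for m in TRACK2.finditer(buf):
        pan = m.group(1).decode()
        if luhn_ok(pan):
            hits.append({"track": 2, "offset": m.start(), "pan": pan,
                         "expiry": m.group(3).decode() + "/" + m.group(2).decode(),
                         "service_code": m.group(4).decode()})
    return sorted(hits, key=lambda h: h["offset"])


def scan_report(buf: bytes) -> list[str]:
    """Defender-side summary: one line per hit, PAN masked, nothing else kept."""
    return [f"track{h['track']} @{h['offset']:#06x} pan={mask_pan(h['pan'])} "
            f"exp={h['expiry']} sc={h['service_code']}"
            for h in find_track_data(buf)]


if __name__ == "__main__":
    for line in scan_report(SAMPLE_MEMORY):
        print(line)
```

The Luhn filter is what separates a usable scraper (or a low-noise detector) from a regex that fires on every timestamp; the decoy record is dropped for exactly that reason. A real scraper keeps the full track string, which is why `scan_report` deliberately masks the PAN: a memory audit of a payment process must not itself become a second copy of the card data.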

Researchers discover more than 150 0day flaws in SCADA systems all over the world

  • Researchers have uncovered a huge number of 0-day flaws in various SCADA (supervisory control and data acquisition) industrial control systems that could allow an attacker to gain complete control over systems that run energy, chemical and transportation infrastructure
  • Russian researchers spent more than a year investigating ICS and SCADA systems used in everything from home solar-panel installations to critical national infrastructure
  • The vulnerabilities detailed by the researchers from Positive Research include flaws in Siemens WinCC, the SCADA/HMI software that Stuxnet compromised on its way to the Simatic S7 PLCs (programmable logic controllers)
  • “We don’t have big experience in nuclear industry, but for energy, oil and gas, chemical and transportation sectors during our assessments project we demonstrated to owners how to get full control [of] industrial infrastructure with all the attendant risks,” said Sergey Gordeychik
  • “The vulnerabilities existed in the way passwords were encrypted and stored in the software’s Project database and allowed attackers to gain full access to PLCs using attacks described as dangerous and easy to launch.”
  • “The researchers published an updated version of a password-cracking tool that targeted the vulnerability in Siemens S7-300 PLC devices as part of the SCADA StrangeLove project at the Chaos Communication Congress in Berlin”
  • The researchers also found more than 60,000 ICS devices, mostly installed in homes, directly exposed to the Internet
  • Some of the most commonly exposed devices were from vendors such as Tridium, NRG Systems and Lantronix. Search engines also turned up a large number of devices such as the Windcube solar smart-grid system, the IPC CHIP embedded device, and the Lantronix SLS video capture platform
  • Additional Coverage

