{"id":3452,"date":"2014-12-19T17:33:19","date_gmt":"2014-12-19T17:33:19","guid":{"rendered":"http:\/\/kasperskydaily.com\/b2b\/?p=3452"},"modified":"2020-02-26T10:58:38","modified_gmt":"2020-02-26T15:58:38","slug":"2014-the-year-of-retailers-getting-hacked-over-and-over-again","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/2014-the-year-of-retailers-getting-hacked-over-and-over-again\/3452\/","title":{"rendered":"2014: the year of retailers getting hacked over and over again"},"content":{"rendered":"<p>2014 is almost over, and it\u2019s definitely a historic year with regard to cybersecurity. This is due, in part, to a streak of cyberattacks against major retailers in the US. Most of these ended with massive breaches and leaks of personal and payment data.<\/p>\n<p>Retailers became targets for complex cyberattacks some time ago (see last year\u2019s <a href=\"https:\/\/business.kaspersky.com\/hackers-against-retailers\/875\" target=\"_blank\" rel=\"noopener nofollow\">post on it<\/a>), yet it was last year\u2019s Target Corporation breach that drew special attention. With <a href=\"https:\/\/threatpost.com\/target-attackers-took-11-gb-of-data-researchers-say\/103691\" target=\"_blank\" rel=\"noopener nofollow\">over 11 GB of data stolen and about 110 million customers affected<\/a>, it quickly made its way onto the short list of the largest data breaches in history.<\/p>\n<p>The attackers used the BlackPOS <a href=\"https:\/\/business.kaspersky.com\/what-is-pos-malware-and-why-does-it-cost-millions\/2457\" target=\"_blank\" rel=\"noopener nofollow\">Point-of-Sale malware<\/a> to attack vulnerable payment terminals without point-to-point encryption.<\/p>\n<p>The incident cost Target dearly. 
Its CIO and CEO stepped down, it had to appease angry customers and authorities, and its profits were heavily affected.<\/p>\n<p>Target wasn\u2019t alone, though that is little solace. Throughout 2014 several other large retail chains reported they were under attack.<\/p>\n<p>These included:<\/p>\n<p><strong>\u2013 <\/strong><a href=\"https:\/\/threatpost.com\/neiman-marcus-says-1-1m-cards-compromised-in-data-breach\/103835\" target=\"_blank\" rel=\"noopener nofollow\"><strong>Neiman Marcus<\/strong><\/a>. The actual breach took place between July and October 2013, but it was only disclosed in January 2014. Initially it was reported that at least 2,400 Visa, MasterCard and Discover cards were affected. Later it was revealed that data belonging to 1.1 million people was compromised.<\/p>\n<p><strong>\u2013 <\/strong><a href=\"https:\/\/threatpost.com\/michaels-data-breach-under-investigation\/\" target=\"_blank\" rel=\"noopener nofollow\"><strong>Michaels Stores<\/strong><\/a>, Inc., the large craft and home goods retailer, said in late January that it had been investigating a potential data breach that affected an unknown number of cards used in the chain\u2019s stores in the last few weeks.<\/p>\n<p>It wasn\u2019t the first incident of this kind for Michaels: In early 2011 its debit card terminals were attacked in 20 states. 
This led to a class action suit from the affected customers.<\/p>\n<p>Eventually it was reported that the payment cards of 2.6-3 million Michaels customers <a href=\"https:\/\/threatpost.com\/3-million-cards-impacted-in-michaels-breach\/105556\" target=\"_blank\" rel=\"noopener nofollow\">were affected between May 2013 and January 2014<\/a>. Its subsidiary Aaron Brothers was also affected, with data on roughly 400,000 customers changing hands.<\/p>\n<p><strong>\u2013 <\/strong><a href=\"https:\/\/threatpost.com\/sally-beauty-supply-acknowledges-breach-of-25000\/104851\" target=\"_blank\" rel=\"noopener nofollow\"><strong>Sally Beauty Supply<\/strong><\/a> said in March that it had been the victim of a successful cyberattack, with the criminals making off with \u201cfewer than 25,000 records containing card-present (track 2) payment card data\u201d.<\/p>\n<p><strong>\u2013 <\/strong><a href=\"https:\/\/threatpost.com\/supermarkets-nationwide-affected-by-albertsons-supervalu-data-breach\/107791\" target=\"_blank\" rel=\"noopener nofollow\"><strong>Albertsons and SUPERVALU<\/strong><\/a> grocery chains announced in mid-August that a data breach may have exposed the credit and debit card information of an unknown number of their customers at various grocery store locations in more than 18 states. The attack was active roughly between June 22 and July 17.<\/p>\n<p><a href=\"https:\/\/threatpost.com\/ups-admits-51-stores-hit-with-malware-for-five-months\/107865\" target=\"_blank\" rel=\"noopener nofollow\"><strong>\u2013 UPS<\/strong><\/a> announced a few days later that 51 of its stores suffered a \u201cbroad-based malware intrusion\u201d earlier this spring. 
The company said unnamed malware evaded detection by \u201ccurrent antivirus software,\u201d and it was discovered only after a third-party security firm was brought in for an inspection.<\/p>\n<p>\u2013 <a href=\"https:\/\/threatpost.com\/pos-service-confirms-goodwill-breach-lasted-18-months\/108346\" target=\"_blank\" rel=\"noopener nofollow\"><strong>Goodwill Industries<\/strong><\/a>. C&amp;K Systems reported in September that Goodwill and two other unnamed retailers were the targets of attacks that lasted for 18 months (Feb. 1, 2013 through Aug. 14, 2014). The Infostealer.rawpos Trojan was used to extract credit card data.<\/p>\n<p>\u2013 <a href=\"https:\/\/threatpost.com\/home-depot-breached-via-vendor-credentials-53-million-email-addresses-also-stolen\/109233\" target=\"_blank\" rel=\"noopener nofollow\"><strong>Home Depot<\/strong><\/a> was compromised, with the credit card information for roughly 56 million shoppers in Home Depot\u2019s 2,000 U.S. and Canadian outlets stolen. 53 million email addresses were stolen as well. The notorious Backoff PoS malware was the main culprit. In November, Home Depot revealed that the incident <a href=\"https:\/\/threatpost.com\/home-depot-breach-cost-company-43-million-in-third-quarter\/109629\" target=\"_blank\" rel=\"noopener nofollow\">cost them $43 million<\/a>.<\/p>\n<p><a href=\"https:\/\/threatpost.com\/backoff-malware-identified-as-culprit-in-dairy-queen-breach\/108811\" target=\"_blank\" rel=\"noopener nofollow\"><strong>\u2013 Dairy Queen<\/strong><\/a> said in October that it was also hit with Backoff, with 395 of its 4,500 locations affected. 
Customers\u2019 names and credit card numbers with their expiration dates were acquired, although the exact scope of the leak isn\u2019t known.<\/p>\n<p>\u201cThe company has no evidence that other customer personal information, such as Social Security numbers, PINs or email addresses, was compromised as a result of this malware infection,\u201d the company said in a <a href=\"http:\/\/www.dairyqueen.com\/us-en\/datasecurityincident\/Press-Release\/?localechange=1&amp;\" target=\"_blank\" rel=\"noopener nofollow\">statement<\/a>.<\/p>\n<p><a href=\"https:\/\/threatpost.com\/kmart-latest-retail-chain-to-disclose-payment-card-breach\/108829\" target=\"_blank\" rel=\"noopener nofollow\"><strong>\u2013 Kmart<\/strong><\/a> acknowledged in mid-October that it fell victim to a \u201cpayment security incident\u201d for most of September and some of October. The company said payment data systems were infected with an unspecified \u201cnew form of malware\u201d that evaded detection by antivirus software. The company didn\u2019t disclose how many customers were affected.<\/p>\n<p>A few days after Kmart reported its breach, First NBC Bank <a href=\"http:\/\/www.courthousenews.com\/2014\/12\/17\/banks-sue-kmart-over-credit-card-data-breach.htm\" target=\"_blank\" rel=\"noopener nofollow\">filed a federal class action suit<\/a> against the company, saying that Kmart\u2019s failure to protect customer information with \u201celementary\u201d security measures left banks liable for the resulting fraud.<\/p>\n<p><a href=\"https:\/\/threatpost.com\/staples-looking-into-potential-payment-card-breach\/108946\" target=\"_blank\" rel=\"noopener nofollow\"><strong>\u2013 Staples<\/strong><\/a> office supply chain reported investigating a potential issue involving credit card data. In November, Staples confirmed PoS malware was at play. 
Otherwise, it remained tight-lipped on the number of possibly affected customers.<\/p>\n<p><a href=\"http:\/\/techcrunch.com\/2014\/12\/05\/retailer-bebe-confirms-payment-card-data-breach\/\" target=\"_blank\" rel=\"noopener nofollow\"><strong>\u2013 Bebe<\/strong><\/a> said in early December that it had been under attack between November 8, 2014 and November 26, 2014. Only the stores located in the U.S., Puerto Rico, and the U.S. Virgin Islands were affected. The scope of the attack and the tools used are unknown.<\/p>\n<p style=\"text-align: center;\"><a href=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2017\/05\/06020319\/wide-2.jpg\"><img decoding=\"async\" class=\"aligncenter size-full wp-image-3453\" src=\"https:\/\/media.kasperskydaily.com\/wp-content\/uploads\/sites\/92\/2017\/05\/06020319\/wide-2.jpg\" alt=\"wide-2\" width=\"1000\" height=\"664\"><\/a><\/p>\n<p>In most cases it was PoS malware that led to the data breaches. It\u2019s not a new type of threat, but this year\u2019s \u201cstars\u201d \u2013 BlackPOS\/Kaptoxa and Backoff \u2013 showed the level of vulnerability and the <a href=\"https:\/\/threatpost.com\/backoff-sinkhole-reveals-sorry-point-of-sale-security\/107981\" target=\"_blank\" rel=\"noopener nofollow\">sorry state of payment terminal security<\/a> in the companies that process payment data from thousands of people daily. 
Apparently some of the victims did indeed fail to implement even basic security measures, such as antimalware software for the payment terminals, most of which are Microsoft Windows-based machines.<\/p>\n<p>With the total number of victims towering beyond hundreds of millions, this issue is a hot topic.<\/p>\n<p>In their analysis (<a href=\"https:\/\/securelist.com\/blog\/research\/66305\/sinkholing-the-backoff-pos-trojan\/\" target=\"_blank\" rel=\"noopener\">available on Securelist<\/a>) Kaspersky Lab\u2019s Costin Raiu, Ryan Naraine and Roel Schouwenberg show that the problem is rather technical. \u201cIt\u2019s very clear that PoS networks are prime targets for malware attacks\u201d, they wrote. \u201cThis is especially true in the US, which still doesn\u2019t support EMV chip-enabled cards. Unlike magnetic strips, EMV chips on credit cards can\u2019t be easily cloned, making them more resilient. Unfortunately, the US is adopting chip and signature, rather than chip and PIN. This effectively negates some of the added security EMV can bring\u201d.<\/p>\n<p>However, at least some of the victims have learned their lesson. Back in April, Target revealed <a href=\"https:\/\/threatpost.com\/target-accelerates-chip-and-pin-roll-out-hires-new-cio\/105797\" target=\"_blank\" rel=\"noopener nofollow\">it was accelerating plans to set up<\/a> a full chip-and-pin system for its branded credit and debit cards. 
The company also plans to have terminals capable of accepting chip-and-pin cards in all of its stores by September.<\/p>\n<p>In November, Target <a href=\"http:\/\/www.ozarksfirst.com\/story\/d\/story\/targets-solution-to-data-breach-chip-and-pin-cards\/11878\/0u7CAw_N9kmGMYgNF9xfSQ\" target=\"_blank\" rel=\"noopener nofollow\">said<\/a> it would roll out its own new chip-and-pin cards \u201cstarting early next year\u201d. The company\u2019s REDcard replacement came at a cost of more than 100 million dollars, which may explain why retailers didn\u2019t adopt chip-and-pin cards earlier.<\/p>\n<p>At the end of November <a href=\"http:\/\/www.eweek.com\/security\/chip-and-pin-cards-finally-winning-acceptance-in-retail-sector.html\" target=\"_blank\" rel=\"noopener nofollow\">eWeek reported<\/a> that chip-and-pin cards were \u201cfinally winning acceptance in the retail sector\u201d in the US, which is definitely encouraging news. Too bad it took so long and so many people were already affected.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>2014 was marked by a streak of major cyberattacks on large retailers in the US. In most cases, PoS malware was at play. Now retailers are scrambling to improve their Point-of-Sale terminal security. 
It&#8217;s encouraging, but a pity that it took so long.<\/p>\n","protected":false},"author":209,"featured_media":15780,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1999,3052],"tags":[282,36,2265,2780,2266],"class_list":{"0":"post-3452","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-business","8":"category-smb","9":"tag-cybersecurity","10":"tag-malware-2","11":"tag-pos-attacks","12":"tag-retail","13":"tag-retail-hacks"},"hreflang":[{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/2014-the-year-of-retailers-getting-hacked-over-and-over-again\/3452\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/2014-the-year-of-retailers-getting-hacked-over-and-over-again\/3452\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/2014-the-year-of-retailers-getting-hacked-over-and-over-again\/3452\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com\/blog\/tag\/retail\/","name":"retail"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3452","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/users\/209"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/comments?post=3452"}],"version-history":[{"count":3,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3452\/revisions"}],"predecessor-version":[{"id":33421,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/posts\/3452\/revisions\/33421"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media\/15780"}],"wp:at
tachment":[{"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/media?parent=3452"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/categories?post=3452"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com\/blog\/wp-json\/wp\/v2\/tags?post=3452"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}