While you might imagine other big retailers sitting back and having a good ol’ chuckle at the expense of Target, the reality is more like they’re all shaking in their boots. Because if a massive data breach could hit Target, it could happen to any merchant (and probably will hit more). The government wants retailers to be ready, and has released a bunch of information about the methods used in the attack to prepare them.
Homeland Security issued a report called “Indicators for Network Defenders” yesterday, reports Reuters, that includes information the government has learned through its confidential investigation into Target’s breach and other attacks on retailers.
Some information in the report has never been published before, including details that could help retailers identify malicious malware programs that can slip past even the most vigilant anti-virus software.
It’s about time, say some security experts — this information could’ve been super useful back when the attack actually happened.
“It’s a shame this report wasn’t released a month ago,” the chief technology officer of the cybersecurity firm CrowdStrike told Reuters. “It has been frustrating for some retailers because it has been incredibly difficult for most firms to get information. It has not been forthcoming.”
Thus far Target has said about 40 million payment card numbers and personal data of 70 million customers was leaked in a cyber attack that happened over the holiday shopping season. It’s been joined in the “We Got Hacked” club by Neiman Marcus last week, which announced that it was also the victim of an attack.
There appears to be quite a market for malicious software aimed at retailers’ soft spots — the point-of-sale terminals in stores.
“We believe there is a strong market for the development of POS malware, and evidence suggests there is a growing demand,” the report, obtained by Reuters, warned.