The news buzz about the latest large-scale cyber-attack generates more questions than answers. According to the latest reports on the attack at Target and other retailers, the attack originated from a teenage hacker in Russia.
Starting from a known piece of malware, "kaptoxa", the coder tweaked the code and sold it on the hacker black market as a virus under the name "Blackpos".
Modifying existing viruses to develop new viruses is not really newsworthy and is no different than what other programmers do with existing code. It is common for a coder to take existing code and modify it for their specific requirements.
What is newsworthy here is that the existence of this particular virus, "Blackpos", was discovered long before the Christmastime hack on Target. The hacker had modified the code of "kaptoxa", had created demonstration videos, and was promoting it to potential buyers months before the attack. A report by PCWorld in March 2013 exposed this threat.
Obviously, there is no way to gauge how many bought this program on the black market, or what plans some hacker or hacking group has to exploit it in an even more profound way than the Target hack.
Another 'scratch-your-head' moment is the way in which this virus landed on the Target servers; most reports indicate a brute-force attack is what was used to infiltrate Target's cyber security.
Have we not yet progressed to the point where we understand that smoke almost always signals fire in computer security? If you're operating at some baseline number of attacks and suddenly there is a sharp escalation, does this not prompt you to do an appropriately escalated analysis for a system breach? Additionally, if you're aware of a particular program being promoted to attack your system, would you not develop measures to recognize this program's signature and code footprint?
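The escalation check described above, as an added example that is not part of the original post: a baseline of failed-login counts per minute is built from the preceding quiet minutes, and any minute that jumps far above that baseline is flagged, together with the source address responsible for most of the failures (the brute-force signature the post refers to). The log format, the thresholds, the account names and the addresses are all constructed for this example and are assumptions, not anything taken from the Target incident.

```python
import re
from collections import Counter, defaultdict
from statistics import mean, pstdev

# Assumed log format (constructed for this example): ISO timestamp, then a
# fixed "FAILED login" message naming the account and the source address.
# The timestamp group stops at the minute so lines bucket by minute.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}):\d{2} auth: FAILED login for "
    r"(?P<user>\S+) from (?P<src>\S+)$"
)


def build_sample_log():
    """Construct sample lines: five quiet minutes, then a sharp escalation."""
    lines = []
    quiet = [2, 1, 3, 2, 2]  # failures per minute for minutes 02:00..02:04
    for minute, n in enumerate(quiet):
        for i in range(n):
            lines.append(f"2013-12-15T02:0{minute}:{10 + i:02d} auth: FAILED login for "
                         f"clerk{i} from 10.0.{minute}.{20 + i}")
    # Minute 02:05: 40 failures, 36 of them from one address (constructed
    # documentation-range IP), which is the shape of a brute-force attempt.
    for i in range(40):
        src = "198.51.100.7" if i < 36 else f"10.0.5.{30 + i}"
        lines.append(f"2013-12-15T02:05:{i:02d} auth: FAILED login for admin from {src}")
    return lines


def parse_failures(lines):
    """Group failed logins by minute; returns {minute: Counter(source -> hits)}."""
    per_minute = defaultdict(Counter)
    for line in lines:
        m = LINE_RE.match(line)
        if m:  # lines that do not match the assumed format are skipped
            per_minute[m["ts"]][m["src"]] += 1
    return per_minute


def detect_escalation(per_minute, window=5, multiplier=3.0, min_events=10):
    """Flag minutes whose failure count far exceeds the preceding quiet minutes.

    Threshold = max(min_events, mean + multiplier * stddev) over the last
    `window` un-flagged minutes. Flagged minutes are kept out of the baseline
    so an ongoing attack cannot raise the bar for itself. Returns alert dicts.
    """
    alerts = []
    history = []  # totals of recent minutes that were not flagged
    for minute in sorted(per_minute):
        total = sum(per_minute[minute].values())
        flagged = False
        if len(history) >= 2:  # need at least two points for a spread
            threshold = max(min_events, mean(history) + multiplier * pstdev(history))
            if total > threshold:
                src, hits = per_minute[minute].most_common(1)[0]
                alerts.append({
                    "minute": minute,
                    "failures": total,
                    "threshold": round(threshold, 1),
                    "top_source": src,
                    "top_source_share": round(hits / total, 2),
                })
                flagged = True
        if not flagged:
            history = (history + [total])[-window:]
    return alerts


if __name__ == "__main__":
    for alert in detect_escalation(parse_failures(build_sample_log())):
        print(alert)
```

On the constructed sample the five quiet minutes give a baseline of about two failures per minute, so the floor of ten events decides the threshold and the 40-failure minute is flagged with 198.51.100.7 accounting for 90% of the attempts. The `min_events` floor is what stops a quiet system from alerting on a jump from one failure to four; the multiplier handles systems whose normal rate is already noisy.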
The attack was not discovered moments after it happened, as one would expect; instead it took several days for Target's security to wake up. This would be like your home alarm sounding several days after your house was broken into.
We know the virus was well known before the attack, we know brute force is an attack method we have several years of experience preparing against, and we know that virus detection is supposed to be a fine-tuned art in the computer security world.
Was Target asleep at the wheel of its clients' security?
I commend Target on its composed and forthcoming response once the breach was uncovered, but this is another wake-up call to our nation that computer security has yet to be taken seriously by major corporations and our government.
I am confident that cyber-attacks will continue and grow stronger. Will our response continue to be weak, bordering on inept?
by Jim Atkins 'thedosmann'