By Jim Finkle
BOSTON (Reuters) - The U.S. government on Thursday provided merchants with information gleaned from its confidential investigation into the massive data breach at Target Corp, in a move aimed at identifying and thwarting similar attacks that may be ongoing.
The report titled "Indicators for Network Defenders" brings to light some of the first information gleaned from the government's highly secretive probes into the Target breach and other retail hacks, including details useful for detecting malicious programs that elude anti-virus software.
"It's a shame this report wasn't released a month ago," said Dmitri Alperovitch, chief technology officer of the cybersecurity firm CrowdStrike. "It has been frustrating for some retailers because it has been incredibly difficult for most firms to get information. It has not been forthcoming."
No. 3 U.S. retailer Target disclosed the theft of some 40 million payment card numbers and the personal data of 70 million customers in a cyber attack that occurred over the holiday shopping season. Neiman Marcus last week said that it too was victim of a cyber attack, and sources have told Reuters that at least three other well-known national retailers have been attacked..
The document noted that an underground market for malicious software to attack point-of-sale, or POS, terminals has flourished in recent years. Three of the most popular titles for the malicious software include BlackPOS, Dexter and vSkimmer.
"We believe there is a strong market for the development of POS malware, and evidence suggests there is a growing demand," the report, obtained by Reuters, warned.
The Secret Service, which is heading up the investigations into the cyber attacks, has declined to comment on what it has learned or identify victims besides Target and Neiman Marcus.
ARMED WITH INFORMATION
John Watters, chief executive of the security intelligence firm iSIGHT Partners, which helped draft the document released on Thursday, said that the government decided to provide information to retailers so they can determine whether their systems have been compromised by hackers.
"The point of getting the technical artifacts out there is that people can go out there and examine their systems and see if they have been compromised," said Watters, whose firm has helped the Secret Service in its investigations of retail breaches. "Now they are armed with information and they can go do something about it."
A Department of Homeland Security official said the report was drafted to provide the industry "with relevant and actionable technical indicators for network defense."