Friday, February 07, 2014

The five reasons hackers had their way with Neiman Marcus for months

http://bobsullivan.net/credit-cards/the-five-reasons-hackers-had-their-way-with-neiman-marcus-for-months/

by Bob Sullivan on February 5, 2014

-----

■ First, the malware was apparently not known to the anti-virus community and had been written to evade anti-virus signatures.
■ Second, the malware erased its tracks by removing the disk file that had caused it to run, even while the program itself was still running in memory – a highly unusual and difficult-to-achieve feature.
■ Third, when the malware scraped and captured card data, it created encrypted output files, so the output files did not exhibit evidence of card-scraping activity – until they were decrypted.
■ Fourth, the malware appeared to have features that were custom-built as a result of reconnaissance efforts within our systems that appear to have been clandestinely conducted earlier in 2013.
■ Finally, the malware carefully covered its tracks with a built-in capability that wiped out files evidencing its operation by overwriting them with random data – making forensic detection much more difficult.
