There has been ubiquitous coverage of the cyber attack against Target that resulted in potentially 110 million consumers having their credit card data compromised. What is only surfacing now is how that attack was carried out. And the most fascinating/disturbing part is that anyone with a website could have been a pawn, unknowingly assisting the cyber crooks. On Friday, Jan 16th, Seculert released information they gained by running a sample of the malware and observing its behavior. Here is a recap of what they found:
1. After gaining entry to a Target web server, malicious software was uploaded to the stores’ point-of-sale checkout counters.
2. The malware then collected credit card numbers and personal details. After waiting 6 days, it transmitted the information to a hacked website over FTP.
3. Cyber criminals, using a virtual private server (VPS), downloaded the stolen data from the compromised website.
Why Hack a Business Website?
The cybercriminals could have transmitted the stolen information directly to their own computers or servers. That would have made their activity easy to trace by reviewing the outbound server logs (within Target), so instead they used a less traceable route – a legitimate intermediary website. By placing the stolen data on the intermediary website, they could access it at their leisure and cover their tracks by deleting that server's logs.
What Can Business Owners Do?
Webmasters must be vigilant and ensure that their websites are not being used as part of a cyber criminal's scheme – whether to store data temporarily, spread malware, phish, spam, or a host of other uses. To find out whether content on a web server is changing, its contents can be downloaded and run through a comparison tool that presents the differences visually. Alternatively, there are costly enterprise tools for managing changes. A challenge for many companies relying on shared hosting from providers like Go Daddy, HostGator, and Namecheap, to name a few, is that even if they bought the expensive software, they could not install it, because shared hosting does not grant the access required.
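The download-and-compare approach above can be done without any server-side install. The script below is an added example, not CodeGuard's code or anything from the original post: it assumes the site's files have already been pulled to a local directory (for instance over SFTP from a shared host), hashes every file with SHA-256, stores that as a baseline, and on the next run reports which files were added, removed, or modified. The directory layout and file contents in demo() are constructed for illustration.

```python
"""File-integrity snapshot and diff for a downloaded copy of a website.

Added example, not CodeGuard's code. Assumes the site's files are already
available locally (e.g. fetched over SFTP) under one root directory.
"""
import hashlib
import json
import tempfile
from pathlib import Path


def snapshot(root):
    """Return {relative_path: sha256_hex} for every regular file under root."""
    root = Path(root)
    result = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256()
            with path.open("rb") as fh:
                # Read in chunks so large uploads (e.g. staged archives) do not exhaust memory
                for chunk in iter(lambda: fh.read(65536), b""):
                    digest.update(chunk)
            result[path.relative_to(root).as_posix()] = digest.hexdigest()
    return result


def save_baseline(snap, baseline_file):
    """Persist a snapshot as JSON; keep this file outside the web root."""
    Path(baseline_file).write_text(json.dumps(snap, indent=2, sort_keys=True))


def load_baseline(baseline_file):
    """Load a previously saved snapshot."""
    return json.loads(Path(baseline_file).read_text())


def diff_snapshots(baseline, current):
    """Classify files as added, removed, or modified between two snapshots."""
    added = sorted(set(current) - set(baseline))
    removed = sorted(set(baseline) - set(current))
    modified = sorted(p for p in set(baseline) & set(current)
                      if baseline[p] != current[p])
    return {"added": added, "removed": removed, "modified": modified}


def format_report(changes):
    """Render a diff as a short human-readable alert (one line per file)."""
    lines = []
    for kind in ("added", "removed", "modified"):
        for path in changes[kind]:
            lines.append(f"{kind.upper():9} {path}")
    return "\n".join(lines) if lines else "no changes"


def demo():
    """Constructed scenario: baseline a small site, then simulate tampering."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp) / "site"
        (site / "css").mkdir(parents=True)
        (site / "index.html").write_text("<html>hello</html>")
        (site / "about.html").write_text("<html>about</html>")
        (site / "css" / "style.css").write_text("body {}")
        baseline_file = Path(tmp) / "baseline.json"
        save_baseline(snapshot(site), baseline_file)

        # Simulated changes between two daily runs: an unexpected binary
        # appears, a page is edited, and a page disappears.
        (site / "tmp_upload.bin").write_bytes(b"\x00" * 1024)
        (site / "index.html").write_text("<html>hello (edited)</html>")
        (site / "about.html").unlink()

        return diff_snapshots(load_baseline(baseline_file), snapshot(site))


if __name__ == "__main__":
    print(format_report(demo()))
```

Run snapshot() once to create the baseline, then schedule the compare daily. An unexplained file appearing in the web root, as in the simulated tmp_upload.bin, is exactly the kind of change to investigate; with the 6-day delay described above, a daily comparison would have surfaced the staged data well before it was collected.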
Another option is CodeGuard. Every 24 hours we check for changes, and if any are found, we send you a notification detailing what has changed. It is unfortunate that the website owner who had 11 GB of stolen data pass through their site unnoticed was not using CodeGuard. Had they been, they could easily have seen in their ChangeAlerts that something was awry and should be investigated. Try CodeGuard now for 14 days, at no cost.
Be a part of the solution, not the problem.