US government sends warning letter to retailers about ongoing breach investigation
Reuters reports that the U.S. government today sent a confidential 16-page letter to retailers, which it says "describes the malicious software and techniques used to attack Target Corp. late last year."
The letter was written with help from iSIGHT Partners, a cyber intelligence firm with offices in 16 countries. In a blog post yesterday, iSIGHT confirmed that it is working with the U.S. Secret Service on the case, and offered this chilling bit of news:
The identification and dissection of the malicious code provides two immediately important insights:
- Recent retailer data breaches may not have been targeted attacks, but may well be part of a broader data theft scheme focused on many operators of point-of-sale systems.
- The scope, scale, and reach of recent data breaches is not yet known.
The piece of malicious software that has been identified is named KAPTOXA (pronounced kar-toe-sha), and iSIGHT says it has "potentially infected a large number of retail information systems." We asked iSIGHT's Tiffany Jones, the author of the blog, whether they could give any indication of how many different retailers might be affected, but she was not able to comment, citing an "ongoing investigation."
The first traces of KAPTOXA were noticed by iSIGHT in June 2013. The software "contains a new kind of attack method that is able to covertly subvert network controls and common forensic tactics, concealing all data transfers and executions that may have been run, rendering it harder to detect."