After Target breach, Homeland Security warns retailers
NEW YORK (CNNMoney) -- Investigators probing the recent holiday season cyber attack are warning retailers about sophisticated malware that potentially affected a large number of stores.
A homeland security official said Thursday that the malware is described in a government report that has been distributed to retailers.
The warning follows a massive breach at Target that compromised credit card numbers and other personal information on up to 110 million customers.
A private firm working on the investigation, iSIGHT Partners, said the hackers behind the malware "displayed innovation and a high degree of skill in orchestrating the various components of the activity."
"It's not necessarily the specific malware components individually that make this new or sophisticated, but it's really the size or scale of this operation at large that makes this unique," said Tiffany Jones, senior vice president at iSIGHT Partners.
The malware infects individual point-of-sale devices. It monitors data processed on the device, then transmits that data outside of the retailer, she said.
It is especially hard to detect because it deletes records that could tell investigators it fraudulently transmitted the data, Jones added.
The "malicious software has potentially infected a large number of retail operations," Jones told CNNMoney.
Jones declined to name specific retailers infected with the malware, but her description of its function is in line with experts' understanding of the Target hack. A spokeswoman for Target did not immediately respond to a request for comment.
"We've seen various types of malware that have done that, but it's the first time that we've seen this attack at this scale of criminal operation," she said. The malware manages to "covertly subvert network controls" and avoids current anti-virus software.
She declined to say how it was spread, but indicated the malware does not need to be manually installed on each terminal it infects.
The U.S. Department of Homeland Security did not make the government's report public and provided little on its contents. iSIGHT Partners provided CNNMoney a copy of its findings.
The firm referred to the software by a Russian name -- KAPTOXA -- because parts of the code were written in Russian.
Target said in December that the massive breach was due to malware on point-of-sale systems. Payment data was compromised for customers who shopped between Nov. 27 and Dec. 15.
Hackers obtained credit card data for 40 million in-store customers, as well as personal information -- including names, addresses, phone numbers and email addresses -- for 70 million customers. Hackers also obtained encrypted PIN numbers for debit cards, the company said.
The CEO apologized, and Target said it was working with both law enforcement and a private security firm to investigate the hack.
In recent weeks, banks including JPMorgan Chase have replaced millions of debit cards. Experts say customers who think their cards may have been compromised should call the company and their bank, as well as change PIN numbers and monitor account statements.
Target representatives are scheduled to give their first public testimony regarding the breach during the first week of February before a panel of the House Commerce Committee, Rep. Lee Terry announced Wednesday evening.