Why hackers are targeting big-name retail chains

By Ken Colburn, Data Doctors

PHOENIX, Ariz. — Q: Why are so many big-name retail chains being hacked all of a sudden?

A: While it may seem sudden, retail chains have long been preferred victims for hackers, primarily because there are huge swaths of personal info to be had.

In the past, a company’s large storage servers and internal systems were the targets; that’s what has changed, leading to the increase in high-profile retail hacks.

Sophisticated criminal groups have created and widely distributed malware that can infect the cash registers or PoS (Point of Sale) terminals used by just about all retail businesses.

If they can gain access, they are able to plant something called a RAM scraper, which captures credit card and debit card information from the magnetic stripes on the back of the cards when we swipe them.

Capturing the “mag swipe” data allows the thieves to create bogus cards that include additional security information not available if they just got the credit card number.

This makes what they steal much more valuable on the black market, especially when they can grab tens of millions of cards before the exploit is discovered.

The Department of Homeland Security has posted several advisories for the PoS malware known as Backoff that is responsible for most of the hacks you’re hearing about.

They estimated that more than 1,000 businesses were likely infected, and most were probably unaware of it, because it was easily evading most antivirus detection methods.

Most major antivirus companies have added Backoff malware detection capabilities to their systems, but it’s very likely that the hackers will continue to alter their code to continue the cat-and-mouse game they play with antivirus programs.

What should particularly interest everyone, not just large-scale retailers, is how they are gaining access to these protected systems. The Secret Service has confirmed that the majority of breaches is occurring through commonly used tools that allow for remote access.

Popular remote access tools from Microsoft, Apple, Google and LogMeIn are being exploited through “brute force” attacks, which are essentially massive high-speed password guessing attacks. This means that anyone using these tools for any purpose could be victimized.

Remote access tools are extremely productive both personally and professionally, so if you’re using them, here are some tips for reducing your exposure to these aggressive attackers:

  • Turn off remote access systems that aren’t absolutely necessary.
  • Increase password length to at least 15 characters or more to make brute-force attacks too time consuming, which we’ve explained in detail before.
  • Turn on Intrusion Detection and 2-Factor authentication when available.
  • Use non-standard port settings to bypass known defaults.
  • Use antivirus that has a live protection service to stay protected from new threats.
  • Don’t ignore systems that have noticeably slowed down; this is often an indication of infection.
  • For high security situations, consider replacing remote access with a Virtual Private Network, or VPN.

Businesses should rely on their IT departments or IT vendors to makes sure these technical issues have been reviewed.

If you’re a home user looking to improve security, we have 10 tips for fighting hackers at home.

Follow @WTOP and @WTOPtech on Twitter and WTOP on Facebook.

Federal News Network Logo
Log in to your WTOP account for notifications and alerts customized for you.

Sign up