A few weeks ago it was released that Target had been a
victim of a cybercrime that had stolen millions of credit card numbers and
other information from consumers from November to December. Now it seems, according to the article on the
Chicago Tribune http://www.chicagotribune.com/business/sns-rt-us-target-databreach-20140117,0,965866.story,
that Target isn’t the only victim of the same style of attack. According to the cyber security firm
IntelCrawler they have uncovered at least 6 other retailers that are infected
with the same malicious software as what was used in the cyber-attacks on
Target. The same article mentions that
Neiman Marcus was also a victim.
The virus that is being used is called BlackPOS which is memory
parsing software that allows cyber criminals to grab the encrypted information when
it travels through the systems RAM and is unencrypted. It is believed that this type of virus is
being used to get the encrypted data since companies in the past few years have
been enabling tighter security and making it tougher for the data to be
stolen. The RAM parsing viruses have
been around since 2005 and maybe as early as 2003. So the fact that cyber criminals are finding
it more difficult to get into company networks is a positive sign that
companies are training and implementing security best practices but the fact
that massive amounts of data have been stolen means that they still have a long
way to go.
Besides having tight security, companies need to invest in
educating their employees at all levels.
All personnel should be trained in IT security at a level that is
appropriate to their position in the company.
A IT security person should be sent to seminars to learn the latest
risks and receive training with regularity.
The office admins should also be trained but it would be at a different
level. I found this article to reflect
both good and bad news for IT security.
The fact that it is more difficult than ever before to steal data is a
good sign but the fact that massive amounts of data can be taken without notice
is disturbing.