Date: 2015-11-24

BOSTON Nov 24 U.S. retailers are hunting for
evidence of new breaches leading into the holiday shopping
season after a cyber intelligence firm privately warned them
about payment-card-stealing malware that it said evades almost
all security software.
"This is by far the most sophisticated point-of-sale malware
seen to date," said Maria Noboa, lead technical analyst for
privately held iSight Partners, which uncovered the malware and
was due to release a technical report about it on Tuesday.
The firm had shared information about the malware, dubbed
ModPOS, with clients in October, and briefed dozens of
companies, including retailers, hospitality companies and
payment-card processors, about its dangers.
Retailers began hunting for the malware in the approach to
this week's unofficial launch of the holiday shopping season,
the busiest time of the year for most merchants, according to
the Retail Cyber Intelligence Sharing Center (R-CISC), an
industry group set up this year to fight hackers.
Retailers have been fending off increasingly sophisticated
payment-card theft schemes for more than a decade. The biggest
breaches to date include a notorious 2013
holiday-shopping-season attack on Target Corp and a
major breach at Home Depot Inc, each of which compromised
tens of millions of payment card numbers.
ISight declined to say how it uncovered the ModPOS threat or
name any targeted retailers.
Some retailers have found digital evidence that linked
threat indicators they had previously seen to ModPOS, though
that does not necessarily mean they were victims of breaches,
said Wendy Nather, director of research for R-CISC.
"I couldn't tell you who is most likely to be compromised by
this," Nather said. "But if it were harmless, we wouldn't even
be talking about it."
Her group, which was set up this year, has approximately 50
members including Gap Inc, J.C. Penney Co,
Lowe's Co and Walgreens.
ISight said it first identified the malware late last year,
but only came to understand its sophistication in recent months
after breaking encryption that hid how the malware works.
ModPOS includes modules for "scraping" payment-card numbers
from the memory of point-of-sale systems, logging keystrokes of
computer users and transmitting stolen data, according to
iSight.
