A lot has been written about the incident at the US retailer “Target”. It is always interesting how easily such incidents happen – without really blaming Target in this case. It seems that a virus infected their payment terminals and read the magnetic stripe of the credit card, including the name of the owner – door wide open to fraud.
For years, I have been looking into the patch management (and the security management) of systems with embedded code. We have seen incidents where Conficker infected hospital systems or, as here, a virus infected point-of-sale systems. These systems are connected to the internal network (as they need to be for business reasons) but at the same time cannot be patched because the vendor does not allow it. Therefore we have a vulnerable and most likely unprotected system connected to the network. No shielding, no protection, nothing at all! Therefore we should not be surprised about attacks – they are actually easy.
Maybe these systems should be included in an ISMS as well…?