Credit card data theft hit at least three retailers, lasted 18 months

Goodwill Industries was one of three companies affected by an attack on a retail managed service provider that went undetected for over 18 months.

In July, it was revealed that Goodwill Industries had suffered from a credit card data breach that affected the charitable retailer’s stores in at least 21 states. The Goodwill breach seemed by many to be just the latest case of criminals taking advantage of the weak underbelly of retailers—their point-of-sale systems. But now, as it turns out, the Goodwill breach was just part of a much larger attack on an outside managed service provider that affected at least two other companies. And many more may have been affected without their knowledge.

Security reporter Brian Krebs first broke the news on the Goodwill breach in July and traced the breach back to C&K Systems, a reseller of retail software systems from NCR, Retail Pro, and other retail software and systems providers. Goodwill had outsourced much of the operation of its retail systems, including its point-of-sale (POS) systems, to C&K through a managed service contract.

In a statement published on Monday, C&K Systems admitted that they had suffered a breach of point-of-sale systems tied to their “Hosted Managed Services Environment.” The company determined with the assistance of outside forensic investigators that the breach began sometime in early 2013. “The unauthorized access affected our Hosted Management Services Platform intermittently between February 10, 2013 and August 14, 2014.”

Read 11 remaining paragraphs | Comments

Popular financial trojan Citadel gets a makeover as a corporate spy

The Citadel trojan, a popular program used by cybercriminals to gather banking credentials and steal money from accounts, has become the latest financial malware to be repurposed as a tool to steal industrial secrets—this time from petrochemical companies in the Middle East.

During mid-summer, unknown attackers used the program to gather data, including e-mail messages and credentials, from the firms, IBM Trusteer stated in an analysis published on Monday. The company's researchers identified Citadel as the malware used to infect and steal data from the companies, which included "one of the largest sellers of petrochemical products in the Middle East and a regional supplier of raw petrochemical materials," the analysis stated.

The attack shows that either cybercriminals are branching out into stealing valuable industrial secrets or that industrial and nation-state spies are using off-the-shelf malware and opportunistic infections to gather sensitive information, says Dana Tamir, director of enterprise security for IBM Trusteer.

Read 7 remaining paragraphs | Comments