During a massive data breach in Target that took place sometime between Nov. 27 and Dec. 15, 110 million customers' data were stolen and sent to a server in Russia.
The data breach has reportedly started with malware-infected point-of-sale (POS) terminals in the American retailing store.
By examining the malicious software, findings from two security companies revealed that Target's network was compromised for more than two weeks.
"The intrusion operators displayed innovation and a high degree of skill in orchestrating the various components of the activity," stated a report from the Dallas-based information security company iSIGHT Partners dated Jan.14.
Also, the report stated that the malware "Trojan.POSRAM" collected unencrypted credit and debit card information right after it was swiped at a Target POS.
The malware, during the time of discovery, "had a zero percent antivirus detection rate, which means that fully updated antivirus engines on fully patched computers could not identify the software as malicious," iSight said.
During the time of attack, the malware was able to collect 11 gigabyte of information from the store's POS terminals, stated Seculert CTO Aviv Raff through a text message sent to PCWorld on Thursday.
The Israel-based Seculert is a cloud-based cyber security technology company.
Further analysis revealed that the malware started sending out payloads of stolen data to a hijacked website's FTP server on Dec. 2. The transmissions took place repeatedly everyday for a couple of weeks, a blog post by Seculert stated.
Moreover, the hackers employed a virtual private server (VPS) in Russia to download and collect the stolen data. However, it's hard to tell if the hackers are based in Russia.
In a phone interview, Levi Gundert, an ex-Secret Service agent and a technical lead for threat research, analysis and communications at Cisco, told PC World, "It's literally impossible to prevent unauthorized access to the network" as defending extensive Internet-connected networks is difficult.
