So Target was running Windows XP Embedded, and it appears they will for quite some time, as it’s going to take quite a while to replace all of their vulnerable Windows-based POS systems with something else. The problem is that even if they switch to something else, if the underlying operating system (no matter what it is) isn’t kept up to date with patches, it may take longer, but they will get owned again. It appears in Target’s case, however, that their web server was broken into, which led to these folks having admin-level (or SYSTEM-level, in the case of Windows) access for months. You can bet the thieves made off with EVERYTHING. Also, unless they’ve wiped the infected machine and started over, they’ll probably get owned again... and again... and again.

If you are a business with a POS system, you need to see what the underlying operating system is. If it is Windows-based, especially XP or any other embedded version, you need to upgrade it (XP) or replace it (embedded). Either one of these can have malware installed through the POS terminals or many other means. If you aren’t sure about your systems, please contact ETC Maryland immediately.

The article text below is only an excerpt. Please read at the links for more details and links. It is a bit technical. If you want assistance in making sense of this, contact ETC Maryland.

Target has yet to honor a single request for comment from this publication, and the company has said nothing publicly about how this breach occurred. But according to sources, the attackers broke in to Target after compromising a company Web server. Somehow, the attackers were able to upload the malicious POS software to store point-of-sale machines, and then set up a control server within Target’s internal network that served as a central repository for data hoovered by all of the infected point-of-sale devices.

“The bad guys were logging in remotely to that [control server], and apparently had persistent access to it,” a source close to the investigation told KrebsOnSecurity. “They basically had to keep going in and manually collecting the dumps.”

It’s not clear what type of software powers the point-of-sale devices running at registers in Target’s U.S. stores, but multiple sources say U.S. stores have traditionally used a home-grown software called Domain Center of Excellence, which is housed on Windows XP Embedded and Windows Embedded for Point of Service (WEPOS). Target’s Canadian stores run POS devices from Retalix, a company recently purchased by payment hardware giant NCR. According to sources, the Retalix POS systems will be rolled out to U.S. Target locations gradually at some point in the future.

WHO IS ANTIKILLER?
A more full-featured Breadcrumbs-level analysis of this malware author will have to wait for another day, but for now there are some clues already dug up and assembled by Russian security firm Group-IB.

Not long after Antikiller began offering his BlackPOS crimeware for sale, Group-IB published an analysis of it, stating that “customers of major US banks, such as Chase (Newark, Delaware), Capital One (Virginia, Richmond), Citibank (South Dakota), Union Bank of California (California, San Diego), Nordstrom FSB Debit (Scottsdale, Arizona), were compromised by this malware.”

In his sales thread on at least one crime forum, Antikiller has posted a video of his product in action. As noted by Group-IB, there is a split second in the video where one can see a URL underneath the window being recorded by the author’s screen capture software which reveals a profile at the Russian social networking site Vkontakte.ru. Group-IB goes on to link that account to a set of young Russian and Ukrainian men who appear to be actively engaged in a variety of cybercrime activities, including distributed denial-of-service (DDoS) attacks and protests associated with the hacktivist collective known as Anonymous.

One final note: Dozens of readers have asked whether I have more information on other retailers that were allegedly victimized along with Target in this scheme. According to Reuters, “smaller breaches on at least three other well-known U.S. retailers took place and were conducted using similar techniques as the one on Target.” Rest assured that when and if I have information about related breaches I feel confident enough about to publish, you will read about it here first.

via A First Look at the Target Intrusion, Malware — Krebs on Security.
