Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Neiman Marcus Hackers Set Off Nearly 60K Alarms

From: InfoSec News <alerts () infosecnews org>
Date: Mon, 24 Feb 2014 08:35:23 +0000 (UTC)
http://www.pcmag.com/article2/0,2817,2453873,00.asp

BY STEPHANIE MLOT
PC MAG
FEBRUARY 23, 2014
A month after Neiman Marcus revealed a hack of customer credit and debit cards, Bloomberg Businessweek said the attackers set off the retailer's security system about 60,000 times during their strike.
Between July and October 2013, hackers quietly collected card data via "sophisticated, self-concealing" malware installed on Neiman's system, the company said in January. But the exploit took about eight months, Bloomberg said; the hackers were forced to reload their software daily, as it was automatically deleted from the retailer's registers each day. That process also meant that the hackers often tripped hundreds of alarms, which were not detected by Neiman Marcus.
A Neiman Marcus spokeswoman declined to comment, pointing PCMag to the Bloomberg story, which quoted her as saying that the hackers were smart enough to give their malware a title almost identical to the company's payment software, ensuring that alerts would not be picked out of the crowd.
"These 60,000 entries, which occurred over a three-and-a-half month period, would have been on average around 1 percent or less of the daily entries on these endpoint protection logs, which have tens of thousands of entries every day," the company said. 

[...]



--
Subscribe to InfoSec News
http://www.infosecnews.org/subscribe-to-infosec-news/
Previous By Date Next
Previous By Thread Next

Current thread: