The shopping-season attacks on Target and Neiman Marcus increasingly appear to be part of a coordinated criminal campaign. Most observers believe Target's point-of-sale devices suffered RAM-scraping, a relatively sophisticated attack that extracted card data while those data were resident in memory, and thus less protected by encryption. The malware also apparently performed something akin to what microbiologists call "quorum sensing": remaining quiet and stealthy until the infection achieved the critical mass necessary to work its damage.
Neiman Marcus, which discovered its breach later than Target did, is now assessing damage and notifying affected customers. Other unnamed retailers were also breached. Card data stolen in the attacks has flooded criminal markets. The data ought to be worth billions, but the thieves seem to be having trouble moving their digital swag: there's a glut on the market and the merchandise is still pretty hot.
Since Target and Neiman Marcus were by no means ill-prepared or poorly resourced, it seems safe to conclude that (1) their handling of the incident will prove instructive, and (2) many other, softer targets will discover they've been hit as well.
Elsewhere in the criminal economy the market for do-it-yourself telephony denial-of-service (TDoS) tools thrives.
Oracle, Adobe, and Microsoft all patch later today.
In industry news, Google makes a smart-grid, Internet-of-things play, buying Nest for $3.2B. Facebook snuggles up to VKontakte with a data-sharing agreement. Huawei works on an image makeover amid signs the UK government will shun its hardware.
Researchers develop a model to predict cyber attacks.
Today's issue includes events affecting Belarus, China, European Union, Germany, Russia, Somalia, Spain, Ukraine, United Kingdom, United States.
For a complete running list of events, please visit the Event Tracker on the CyberWire website.
FloCon 2014 (Charleston, South Carolina, USA, January 13 - 16, 2014) FloCon 2014, a network security conference, takes place at the Francis Marion Hotel in Charleston, South Carolina, on January 13–16, 2014. This open conference provides a forum for operational network...
NASA Langley Cyber Expo (Hampton, Virginia, USA, January 14, 2014) The 2013 NASA Langley Cyber Expo is an annual event dedicated to Cyber Security and Information Technology at this secure facility. As the Cyber Expo hosts, the Office of the Chief Information Officer...
Federal Intel Summit: The Potomac Officers Club is proud to host the 2014 Federal Intel Summit featuring Congressman Mike Rogers and leadership from across the Federal Agencies focused on protecting our national interests.
Federal Mobile Computing Summit: The Federal Mobile Computing Summit: Digital Government Strategy II will feature government leaders who played an instrumental role in the development of the DGS and worked on the resulting deliverables.
Cybertech — Cyber Security Conference and Exhibition (Tel Aviv, Israel, January 27 - 29, 2014) Cybertech Israel, the first event of its kind, will present world-leading companies in the field of cyber defense alongside young companies that offer unique solutions to advance the discipline of cyber...
U.S. Census Data Protection & Privacy Day (Suitland, Maryland, USA, January 28, 2014) The Census Bureau's Privacy Compliance Branch of the Policy Coordination Office is hosting a Data Protection and Privacy Day on January 28. This event is intended to provide a forum for Census employees...
2014 Cybersecurity Innovation Forum (Baltimore, Maryland, USA, January 28 - 30, 2014) The 2014 Cybersecurity Innovation Forum (CIF) is a three-day event, sponsored by the National Cybersecurity Center of Excellence (NCCoE) with DHS, NIST, and NSA as primary participating organizations.