Target Corp. on Friday said it has invested $5 million in a cybersecurity coalition and will be working with three organizations — the National Cyber-Forensics and Training Alliance, National Cyber Security Alliance and Better Business Bureaus — to advance public education around cybersecurity. The group will launch a campaign to accelerate the dialogue around cybersecurity threats and the dangers of consumer phishing scams.
Target on Dec. 19 revealed that credit or debit-card information may have been stolen from 40 million people who shopped in its U.S. stores between Black Friday and Dec. 15. It subsequently learned that another 70 million consumers may have had their names, mailing addresses, phone numbers and e-mail addresses stolen. Target said there may have been some overlap between the two groups, but didn’t specify to what extent.
Target said it plans to learn from experts at the organizations about the challenges associated with cybersecurity, especially phishing scams, and how to educate consumers in an understandable way.
“Cybersecurity has been a burning issue and not enough people have taken it seriously,” said Adam Levin, cofounder of IdentityTheft911.com and Credit.com. “Look at the efforts in Congress to pass cybersecurity legislation that have all failed for some reason or another. It’s tragic to see how many consumers have to become collateral damage before institutions step up and join a fight that’s been going on for a long time.”
The Department of Homeland Security and iSight Partners have been working to define a newly identified malware associated with point-of-sale data breach investigations. A report released to retailers provides “relevant and actionable technical indicators for network defense,” DHS said. “DHS takes malware threats seriously and works with public and private partners to deter malware incidents and mitigate its effects on critical infrastructure.”
Since 2009, DHS’s National Cybersecurity & Communications Integration Center has responded to nearly half-a-million incident reports and released more than 26,000 actionable cybersecurity alerts, the agency said.
Also on Friday, cybersecurity firm IntelCrawler said it has found at least six more ongoing attacks at U.S. retailers. “The massive data breach at Target during the 2013 holiday shopping season used an inexpensive ‘off the shelf’ malware known as BlackPOS,” IntelCrawler said. “The same malware may have also been involved in the Neiman Marcus attack.” Security researchers from IntelCrawler said the author of the malware is about 17 years old and a well-known programmer of malicious code in the underground. “Several other breaches may be revealed soon,” the company said.
“The real bad actors responsible for the attacks on retailers such as Target and Neiman Marcus were just [the programmer’s] customers,” said Dan Clements, president of IntelCrawler.