Heartland Hackers Caught; Answers and Questions
Aug 18, 2009, 20:02
"To summarize the security issues:
"The attacks on Hannaford, Heartland, 7-Eleven, and the other 2
retailers used SQL injection as the primary vector. In at least
some cases, it was not SQL injection of the transaction network,
but another system used to get to the transaction network.
"In at least some cases custom malware was installed, which
indicates either command execution via the SQL injection, or XSS
via SQL injection to attack internal workstations. We do not yet
know the details.
"The custom malware did not trigger antivirus, deleted log
files, sniffed the internal network for card numbers, scanned the
internal network for stored data, and exfiltrated the data. The
indictment doesn't reveal the degree of automation, or if it was
more manually controlled (shell)."
Recent Breaches - We May Have All the Answers speculates on the
platforms and attack methods.