Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

Report to Government on Massive Theft of Credit Card Data From Retail Customers

KAPTOXA POS Report Overview – “iSIGHT Partners, working with the U.S. Secret Service, has determined that a new piece of malicious software, KAPTOXA (Kar-Toe-Sha), has potentially infected a large number of retail information systems. This software can find, store, and then transmit sensitive information such as credit card and PIN numbers. These findings are part of a need-to-know joint report released today by the Department of Homeland Security, USSS, FS-ISAC and iSIGHT Partners. The use of malware to compromise payment information storage systems is not new. However, it is the first time we have seen this attack at this scale and sophistication. Importantly, this software contains a new kind of attack method that is able to covertly subvert network controls and common forensic tactics, concealing all data transfers and executions that may have been run, rendering it harder to detect. Many retail organizations may not know that they have been infected, or that they have already lost data.”

Leave a reply